Skip to content

ci(deps): bump the github-actions group across 1 directory with 20 updates#93

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/dot-github/workflows/github-actions-f56e67653c
Open

ci(deps): bump the github-actions group across 1 directory with 20 updates#93
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/dot-github/workflows/github-actions-f56e67653c

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 29, 2026

Copy link
Copy Markdown
Contributor

Bumps the github-actions group with 20 updates in the /.github/workflows directory:

Package From To
step-security/harden-runner 2.16.1 2.19.4
actions/checkout 6.0.2 7.0.0
step-security/action-gh-release 2.6.1 3.0.0
mozilla-actions/sccache-action 0.0.9 0.0.10
step-security/rust-cache 2.8.3 2.9.1
step-security/setup-buildx-action 4.0.0 4.1.0
step-security/docker-login-action 3.7.0 4.2.0
docker/metadata-action 6.0.0 6.1.0
step-security/docker-build-push-action 6.18.0 7.2.0
actions/upload-artifact 7.0.0 7.0.1
step-security/action-semantic-pull-request 6.1.1 6.1.2
step-security/mise-action 3.6.1 4.0.1
taiki-e/install-action 2.73.0 2.82.6
codecov/codecov-action 6.0.0 7.0.0
step-security/paths-filter 3.0.5 4.0.1
github/codeql-action/init 4.35.1 4.36.2
github/codeql-action/analyze 4.35.1 4.36.2
actions/labeler 6.0.1 6.1.0
googleapis/release-please-action 4.4.0 5.0.0
actions/dependency-review-action 4.9.0 5.0.0

Updates step-security/harden-runner from 2.16.1 to 2.19.4

Release notes

Sourced from step-security/harden-runner's releases.

v2.19.4

What's Changed

  • Improvements for HTTPS Monitoring for the Enterprise tier of Harden Runner

Full Changelog: step-security/harden-runner@v2.19.3...v2.19.4

v2.19.3

What's Changed

Full Changelog: step-security/harden-runner@v2.19.2...v2.19.3

v2.19.2

What's Changed

  • Update the Harden Runner agent for enterprise tier to use go 1.26 and fix minor bugs.

Full Changelog: step-security/harden-runner@v2.19.1...v2.19.2

v2.19.1

What's Changed

What the fix changes

  • Harden-Runner will detect ubuntu-slim runners and exit cleanly with an informational log message, instead of post harden runner step failing on chown: invalid user: 'undefined'.

What the fix does not do

  • Jobs running on ubuntu-slim will not be monitored by Harden-Runner. The agent relies on kernel-level features (that require elevated capabilities).
  • Per GitHub's docs on single-CPU runners: "The container for ubuntu-slim runners runs in unprivileged mode. This means that some operations requiring elevated privileges such as mounting file systems, using Docker-in-Docker, or accessing low-level kernel features are not supported." Those low-level kernel features are what the agent needs, so monitoring inside the unprivileged container is not feasible today.

For StepSecurity enterprise customers If your security posture requires that workflows are always monitored, you can block the use of ubuntu-slim via workflow run policies see the Runner Label Policy docs. This lets you enforce that jobs only run on monitored runner types.

New Contributors

Full Changelog: step-security/harden-runner@v2.19.0...v2.19.1

v2.19.0

What's Changed

New Runner Support

Harden-Runner now supports Depot, Blacksmith, Namespace, and WarpBuild runners with the same egress monitoring, runtime monitoring, and policy enforcement available on GitHub-hosted runners.

Automated Incident Response for Supply Chain Attacks

  • Global block list: Outbound connections to known malicious domains and IPs are now blocked even in audit mode.
  • System-defined detection rules: Harden-Runner will trigger lockdown mode when a high risk event is detected during an active supply chain attack (for example, a process reading the memory of the runner worker process, a common technique for stealing GitHub Actions secrets).

Bug Fixes

Windows and macOS: stability and reliability fixes

... (truncated)

Commits
  • 9af89fc Merge pull request #667 from step-security/update-agent-v1.8.6
  • 485dce8 Update agent to v1.8.6
  • ab7a940 Merge pull request #665 from step-security/fix/use-policy-store-default-audit
  • ec41b78 Default to audit mode when api-key missing with use-policy-store
  • 9ca718d Merge pull request #664 from step-security/update-agent-v1.8.5
  • 1dee3df Update agent to v1.8.5
  • a5ad31d Merge pull request #657 from devantler/fix/ubuntu-slim-user-env
  • 6e92856 build dist and trim ubuntu-slim message
  • 4e0504e Merge branch 'main' into fix/ubuntu-slim-user-env
  • 8d3c67d Release v2.19.0 (#661)
  • Additional commits viewable in compare view

Updates actions/checkout from 6.0.2 to 7.0.0

Release notes

Sourced from actions/checkout's releases.

v7.0.0

What's Changed

New Contributors

Full Changelog: actions/checkout@v6.0.3...v7.0.0

v6.0.3

What's Changed

New Contributors

Full Changelog: actions/checkout@v6...v6.0.3

Changelog

Sourced from actions/checkout's changelog.

Changelog

v7.0.0

v6.0.3

v6.0.2

v6.0.1

v6.0.0

v5.0.1

v5.0.0

v4.3.1

v4.3.0

v4.2.2

v4.2.1

... (truncated)

Commits

Updates step-security/action-gh-release from 2.6.1 to 3.0.0

Release notes

Sourced from step-security/action-gh-release's releases.

v3.0.0

What's Changed

New Contributors

Full Changelog: step-security/action-gh-release@v2...v3.0.0

Commits
  • 277bfa8 Merge pull request #86 from step-security/auto-cherry-pick
  • fcbd57a chore: Cherry-pick conflicting changes from upstream
  • 28e0835 fix: apply code build script
  • 147407f release: cut v3.0.0 for Node 24 upgrade (#670)
  • b06017c release: cut v3.0.0 for Node 24 upgrade (#670)
  • 7f52c03 Merge pull request #87 from step-security/npm-audit-fix
  • e09057e fix: apply audit fixes
  • 38e3839 fix: apply audit fixes
  • 30dad22 Merge pull request #85 from step-security/auto-cherry-pick
  • e5ef807 chore: Bump version to 2.6.2
  • Additional commits viewable in compare view

Updates mozilla-actions/sccache-action from 0.0.9 to 0.0.10

Release notes

Sourced from mozilla-actions/sccache-action's releases.

v0.0.10

What's Changed

New Contributors

Full Changelog: Mozilla-Actions/sccache-action@v0.0.9...v0.0.10

Commits
  • 9e7fa8a Merge pull request #251 from sylvestre/ver
  • 3ca012d prepare version 0.0.10
  • 7cf1643 Merge pull request #231 from Mozilla-Actions/dependabot/npm_and_yarn/js-yaml-...
  • b2be802 Merge pull request #246 from baseplate-admin/patch-1
  • 84812a5 Merge pull request #250 from Mozilla-Actions/dependabot/npm_and_yarn/handleba...
  • 4e28318 Merge pull request #249 from Mozilla-Actions/dependabot/npm_and_yarn/picomatc...
  • cfa813e Merge pull request #248 from Mozilla-Actions/dependabot/npm_and_yarn/flatted-...
  • ef3762b Merge pull request #245 from cakebaker/bump_to_node24
  • 919bfb6 Bump handlebars from 4.7.8 to 4.7.9
  • 167904b Bump picomatch from 2.3.1 to 2.3.2
  • Additional commits viewable in compare view

Updates step-security/rust-cache from 2.8.3 to 2.9.1

Release notes

Sourced from step-security/rust-cache's releases.

v2.9.1

What's Changed

Full Changelog: step-security/rust-cache@v2...v2.9.1

v2.8.4

What's Changed

New Contributors

Full Changelog: step-security/rust-cache@v2...v2.8.4

Commits
  • 851174d fix: test vulns fixed (#279)
  • f0d17cd Merge branch 'main' into fix/test-vulnerabilities-fixed
  • 90bb4a5 chore: Cherry-picked changes from upstream (#281)
  • 595123a Merge pull request #280 from step-security/auto-cherry-pick
  • b1072eb conflicted commits cherry-picked
  • 374bbf5 fix: apply code build script
  • dd5ecff fix: apply code build script
  • 7791ac0 Compare case-insenitively for full cache key match (#303)
  • 49df1bd Consider all installed toolchains in cache key (#293)
  • 84286e5 Consider all installed toolchains in cache key (#293)
  • Additional commits viewable in compare view

Updates step-security/setup-buildx-action from 4.0.0 to 4.1.0

Release notes

Sourced from step-security/setup-buildx-action's releases.

v4.1.0

What's Changed

New Contributors

Full Changelog: step-security/setup-buildx-action@v4...v4.1.0

Commits
  • 6997872 fix: upgraded brace-exapansion to fix vulns (#43)
  • 6c9e35b fix: Security updates (#44)
  • cbe0f84 upgraded brace-exapansion to fix vulns
  • a4a5120 Merge pull request #40 from step-security/dependabot/npm_and_yarn/postcss-8.5.15
  • e46bcc1 build(deps): bump postcss from 8.5.8 to 8.5.15
  • f9a992a Merge pull request #41 from step-security/dependabot/npm_and_yarn/fast-xml-pa...
  • 380eee2 build(deps): bump fast-xml-parser from 5.5.9 to 5.8.0
  • d9211dc Merge pull request #42 from step-security/dependabot/npm_and_yarn/tmp-0.2.7
  • 28215ee build(deps): bump tmp from 0.2.5 to 0.2.7
  • d20698f Merge pull request #38 from step-security/dependabot/npm_and_yarn/fast-xml-bu...
  • Additional commits viewable in compare view

Updates step-security/docker-login-action from 3.7.0 to 4.2.0

Release notes

Sourced from step-security/docker-login-action's releases.

v4.2.0

What's Changed

Full Changelog: step-security/docker-login-action@v4...v4.2.0

v4.1.0

What's Changed

New Contributors

Full Changelog: step-security/docker-login-action@v3...v4.1.0

Commits
  • 164e21d Merge pull request #43 from step-security/fix/vulnerabilities-fix
  • 02bf41c fix: upgraded packages to fix vulnerabilities
  • d351b10 Merge pull request #42 from step-security/dependabot/npm_and_yarn/fast-xml-bu...
  • 14bbeab build(deps): bump fast-xml-builder from 1.1.4 to 1.2.0
  • 6f2e8f4 Merge pull request #40 from step-security/dependabot/npm_and_yarn/axios-1.16.0
  • e3944e0 build(deps): bump axios from 1.15.0 to 1.16.0
  • 05c941d Merge pull request #39 from step-security/auto-cherry-pick
  • 9aecf0b conflicted commits cherry-picked manually
  • 4e8228f replace ncc with esbuild for action bundling
  • 870af64 Merge pull request #36 from step-security/fix/subscription_code
  • Additional commits viewable in compare view

Updates docker/metadata-action from 6.0.0 to 6.1.0

Release notes

Sourced from docker/metadata-action's releases.

v6.1.0

Full Changelog: docker/metadata-action@v6.0.0...v6.1.0

Commits
  • 80c7e94 Merge pull request #613 from docker/dependabot/npm_and_yarn/docker/actions-to...
  • 8e0ddab chore: update generated content
  • a8db14b chore(deps): Bump @​docker/actions-toolkit from 0.79.0 to 0.90.0
  • 63a7371 Merge pull request #617 from docker/dependabot/npm_and_yarn/csv-parse-6.2.0
  • c6916a6 chore: update generated content
  • aca9205 chore(deps): Bump csv-parse from 6.1.0 to 6.2.1
  • 9dcfe60 Merge pull request #629 from docker/dependabot/npm_and_yarn/handlebars-4.7.9
  • 43dea76 chore: update generated content
  • 7a56f5a chore(deps): Bump handlebars from 4.7.8 to 4.7.9
  • e49e0aa Merge pull request #658 from docker/dependabot/npm_and_yarn/brace-expansion-5...
  • Additional commits viewable in compare view

Updates step-security/docker-build-push-action from 6.18.0 to 7.2.0

Release notes

Sourced from step-security/docker-build-push-action's releases.

v7.2.0

What's Changed

Full Changelog: step-security/docker-build-push-action@v7...v7.2.0

v7.1.0

What's Changed

…dates

Bumps the github-actions group with 20 updates in the /.github/workflows directory:

| Package | From | To |
| --- | --- | --- |
| [step-security/harden-runner](https://github.com/step-security/harden-runner) | `2.16.1` | `2.19.4` |
| [actions/checkout](https://github.com/actions/checkout) | `6.0.2` | `7.0.0` |
| [step-security/action-gh-release](https://github.com/step-security/action-gh-release) | `2.6.1` | `3.0.0` |
| [mozilla-actions/sccache-action](https://github.com/mozilla-actions/sccache-action) | `0.0.9` | `0.0.10` |
| [step-security/rust-cache](https://github.com/step-security/rust-cache) | `2.8.3` | `2.9.1` |
| [step-security/setup-buildx-action](https://github.com/step-security/setup-buildx-action) | `4.0.0` | `4.1.0` |
| [step-security/docker-login-action](https://github.com/step-security/docker-login-action) | `3.7.0` | `4.2.0` |
| [docker/metadata-action](https://github.com/docker/metadata-action) | `6.0.0` | `6.1.0` |
| [step-security/docker-build-push-action](https://github.com/step-security/docker-build-push-action) | `6.18.0` | `7.2.0` |
| [actions/upload-artifact](https://github.com/actions/upload-artifact) | `7.0.0` | `7.0.1` |
| [step-security/action-semantic-pull-request](https://github.com/step-security/action-semantic-pull-request) | `6.1.1` | `6.1.2` |
| [step-security/mise-action](https://github.com/step-security/mise-action) | `3.6.1` | `4.0.1` |
| [taiki-e/install-action](https://github.com/taiki-e/install-action) | `2.73.0` | `2.82.6` |
| [codecov/codecov-action](https://github.com/codecov/codecov-action) | `6.0.0` | `7.0.0` |
| [step-security/paths-filter](https://github.com/step-security/paths-filter) | `3.0.5` | `4.0.1` |
| [github/codeql-action/init](https://github.com/github/codeql-action) | `4.35.1` | `4.36.2` |
| [github/codeql-action/analyze](https://github.com/github/codeql-action) | `4.35.1` | `4.36.2` |
| [actions/labeler](https://github.com/actions/labeler) | `6.0.1` | `6.1.0` |
| [googleapis/release-please-action](https://github.com/googleapis/release-please-action) | `4.4.0` | `5.0.0` |
| [actions/dependency-review-action](https://github.com/actions/dependency-review-action) | `4.9.0` | `5.0.0` |



Updates `step-security/harden-runner` from 2.16.1 to 2.19.4
- [Release notes](https://github.com/step-security/harden-runner/releases)
- [Commits](step-security/harden-runner@fe10465...9af89fc)

Updates `actions/checkout` from 6.0.2 to 7.0.0
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@de0fac2...9c091bb)

Updates `step-security/action-gh-release` from 2.6.1 to 3.0.0
- [Release notes](https://github.com/step-security/action-gh-release/releases)
- [Commits](step-security/action-gh-release@dc29ef0...277bfa8)

Updates `mozilla-actions/sccache-action` from 0.0.9 to 0.0.10
- [Release notes](https://github.com/mozilla-actions/sccache-action/releases)
- [Commits](Mozilla-Actions/sccache-action@7d986dd...9e7fa8a)

Updates `step-security/rust-cache` from 2.8.3 to 2.9.1
- [Release notes](https://github.com/step-security/rust-cache/releases)
- [Commits](step-security/rust-cache@9be15b8...851174d)

Updates `step-security/setup-buildx-action` from 4.0.0 to 4.1.0
- [Release notes](https://github.com/step-security/setup-buildx-action/releases)
- [Commits](step-security/setup-buildx-action@f931205...6997872)

Updates `step-security/docker-login-action` from 3.7.0 to 4.2.0
- [Release notes](https://github.com/step-security/docker-login-action/releases)
- [Commits](step-security/docker-login-action@6aa05fe...164e21d)

Updates `docker/metadata-action` from 6.0.0 to 6.1.0
- [Release notes](https://github.com/docker/metadata-action/releases)
- [Commits](docker/metadata-action@030e881...80c7e94)

Updates `step-security/docker-build-push-action` from 6.18.0 to 7.2.0
- [Release notes](https://github.com/step-security/docker-build-push-action/releases)
- [Commits](step-security/docker-build-push-action@a8c3d08...9af9b5a)

Updates `actions/upload-artifact` from 7.0.0 to 7.0.1
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](actions/upload-artifact@bbbca2d...043fb46)

Updates `step-security/action-semantic-pull-request` from 6.1.1 to 6.1.2
- [Release notes](https://github.com/step-security/action-semantic-pull-request/releases)
- [Commits](step-security/action-semantic-pull-request@bc0cf74...75d2dd5)

Updates `step-security/mise-action` from 3.6.1 to 4.0.1
- [Release notes](https://github.com/step-security/mise-action/releases)
- [Commits](step-security/mise-action@88aa01c...c7396e2)

Updates `taiki-e/install-action` from 2.73.0 to 2.82.6
- [Release notes](https://github.com/taiki-e/install-action/releases)
- [Changelog](https://github.com/taiki-e/install-action/blob/main/CHANGELOG.md)
- [Commits](taiki-e/install-action@7a562df...9bcaee1)

Updates `codecov/codecov-action` from 6.0.0 to 7.0.0
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](codecov/codecov-action@57e3a13...fb8b358)

Updates `step-security/paths-filter` from 3.0.5 to 4.0.1
- [Release notes](https://github.com/step-security/paths-filter/releases)
- [Commits](step-security/paths-filter@6eee183...5c5241b)

Updates `github/codeql-action/init` from 4.35.1 to 4.36.2
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@c10b806...8aad20d)

Updates `github/codeql-action/analyze` from 4.35.1 to 4.36.2
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@c10b806...8aad20d)

Updates `actions/labeler` from 6.0.1 to 6.1.0
- [Release notes](https://github.com/actions/labeler/releases)
- [Commits](actions/labeler@634933e...f27b608)

Updates `googleapis/release-please-action` from 4.4.0 to 5.0.0
- [Release notes](https://github.com/googleapis/release-please-action/releases)
- [Changelog](https://github.com/googleapis/release-please-action/blob/main/CHANGELOG.md)
- [Commits](googleapis/release-please-action@16a9c90...45996ed)

Updates `actions/dependency-review-action` from 4.9.0 to 5.0.0
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](actions/dependency-review-action@2031cfc...a1d282b)

---
updated-dependencies:
- dependency-name: step-security/harden-runner
  dependency-version: 2.19.4
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: actions/checkout
  dependency-version: 7.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: step-security/action-gh-release
  dependency-version: 3.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: mozilla-actions/sccache-action
  dependency-version: 0.0.10
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
- dependency-name: step-security/rust-cache
  dependency-version: 2.9.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: step-security/setup-buildx-action
  dependency-version: 4.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: step-security/docker-login-action
  dependency-version: 4.2.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: docker/metadata-action
  dependency-version: 6.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: step-security/docker-build-push-action
  dependency-version: 7.2.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: actions/upload-artifact
  dependency-version: 7.0.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
- dependency-name: step-security/action-semantic-pull-request
  dependency-version: 6.1.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
- dependency-name: step-security/mise-action
  dependency-version: 4.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: taiki-e/install-action
  dependency-version: 2.82.6
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: codecov/codecov-action
  dependency-version: 7.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: step-security/paths-filter
  dependency-version: 4.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: github/codeql-action/init
  dependency-version: 4.36.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: github/codeql-action/analyze
  dependency-version: 4.36.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: actions/labeler
  dependency-version: 6.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: googleapis/release-please-action
  dependency-version: 5.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: actions/dependency-review-action
  dependency-version: 5.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added area/ci CI/CD area/deps Dependencies labels Jun 29, 2026
@github-actions github-actions Bot added area/config Configuration and removed area/deps Dependencies labels Jun 29, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

area/ci CI/CD area/config Configuration

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants