Skip to content

chore(deps): bump the actions-updates group across 1 directory with 5 updates#69

Closed
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/github_actions/actions-updates-5ad3f70af4
Closed

chore(deps): bump the actions-updates group across 1 directory with 5 updates#69
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/github_actions/actions-updates-5ad3f70af4

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Feb 2, 2026
edited
Loading

Bumps the actions-updates group with 5 updates in the / directory:

Package From To
step-security/harden-runner 2.13.1 2.14.1
actions/checkout 5.0.0 6.0.2
actions/upload-artifact 4.6.2 6.0.0
actions/create-github-app-token 2.1.4 2.2.1
release-plz/action 0.5.118 0.5.124

Updates step-security/harden-runner from 2.13.1 to 2.14.1

Release notes

Sourced from step-security/harden-runner's releases.

v2.14.1

What's Changed

  1. In some self-hosted environments, the agent could briefly fall back to public DNS resolvers during startup if the system DNS was not yet available. This behavior was unintended for GitHub-hosted runners and has now been fixed to prevent any use of public DNS resolvers.

  2. Fixed npm audit vulnerabilities

Full Changelog: step-security/harden-runner@v2.14.0...v2.14.1

v2.14.0

What's Changed

  • Selective installation: Harden-Runner now skips installation on GitHub-hosted runners when the repository has a custom property skip_harden_runner, allowing organizations to opt out specific repos.
  • Avoid double install: The action no longer installs Harden-Runner if it’s already present on a GitHub-hosted runner, which could happen when a composite action also installs it.

Full Changelog: step-security/harden-runner@v2.13.3...v2.14.0

v2.13.3

What's Changed

  • Fixed an issue where process events were not uploaded in certain edge cases.

Full Changelog: step-security/harden-runner@v2.13.2...v2.13.3

v2.13.2

What's Changed

  • Fixed an issue where there was a limit of 512 allowed endpoints when using block egress policy. This restriction has been removed, allowing for an unlimited number of endpoints to be configured.
  • Harden Runner now automatically detects if the agent is already pre-installed on a custom VM image used by a GitHub-hosted runner. When detected, the action will skip reinstallation and use the existing agent.

Full Changelog: step-security/harden-runner@v2.13.1...v2.13.2

Commits
  • e3f713f Merge pull request #631 from step-security/rc-31
  • 423acdd chore: fix npm audit vulnerabilities
  • 0ddb86c update agent
  • 20cf305 Merge pull request #622 from step-security/feature/custom-property-skip
  • c51e8ee feat: skip agent install and post step on subsequent runs for GitHub-hosted r...
  • e152b90 feat: skip harden-runner based on repository custom property
  • ee1faec feat: replace skip-harden-runner with skip-on-custom-property input
  • 1dc7c17 feat: add skip-harden-runner input to conditionally skip execution
  • df199fb Merge pull request #620 from step-security/rc-29
  • 03d096a update agent
  • Additional commits viewable in compare view

Updates actions/checkout from 5.0.0 to 6.0.2

Release notes

Sourced from actions/checkout's releases.

v6.0.2

What's Changed

Full Changelog: actions/checkout@v6.0.1...v6.0.2

v6.0.1

What's Changed

Full Changelog: actions/checkout@v6...v6.0.1

v6.0.0

What's Changed

Full Changelog: actions/checkout@v5.0.0...v6.0.0

v6-beta

What's Changed

Updated persist-credentials to store the credentials under $RUNNER_TEMP instead of directly in the local git config.

This requires a minimum Actions Runner version of v2.329.0 to access the persisted credentials for Docker container action scenarios.

v5.0.1

What's Changed

Full Changelog: actions/checkout@v5...v5.0.1

Changelog

Sourced from actions/checkout's changelog.

Changelog

v6.0.2

v6.0.1

v6.0.0

v5.0.1

v5.0.0

v4.3.1

v4.3.0

v4.2.2

v4.2.1

v4.2.0

v4.1.7

v4.1.6

... (truncated)

Commits

Updates actions/upload-artifact from 4.6.2 to 6.0.0

Release notes

Sourced from actions/upload-artifact's releases.

v6.0.0

v6 - What's new

[!IMPORTANT] actions/upload-artifact@v6 now runs on Node.js 24 (runs.using: node24) and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading.

Node.js 24

This release updates the runtime to Node.js 24. v5 had preliminary support for Node.js 24, however this action was by default still running on Node.js 20. Now this action by default will run on Node.js 24.

What's Changed

Full Changelog: actions/upload-artifact@v5.0.0...v6.0.0

v5.0.0

What's Changed

BREAKING CHANGE: this update supports Node v24.x. This is not a breaking change per-se but we're treating it as such.

New Contributors

Full Changelog: actions/upload-artifact@v4...v5.0.0

Commits
  • b7c566a Merge pull request #745 from actions/upload-artifact-v6-release
  • e516bc8 docs: correct description of Node.js 24 support in README
  • ddc45ed docs: update README to correct action name for Node.js 24 support
  • 615b319 chore: release v6.0.0 for Node.js 24 support
  • 017748b Merge pull request #744 from actions/fix-storage-blob
  • 38d4c79 chore: rebuild dist
  • 7d27270 chore: add missing license cache files for @​actions/core, @​actions/io, and mi...
  • 5f643d3 chore: update license files for @​actions/artifact@​5.0.1 dependencies
  • 1df1684 chore: update package-lock.json with @​actions/artifact@​5.0.1
  • b5b1a91 fix: update @​actions/artifact to ^5.0.0 for Node.js 24 punycode fix
  • Additional commits viewable in compare view

Updates actions/create-github-app-token from 2.1.4 to 2.2.1

Release notes

Sourced from actions/create-github-app-token's releases.

v2.2.1

2.2.1 (2025-12-05)

Bug Fixes

  • deps: bump the production-dependencies group with 2 updates (#311) (b212e6a)

v2.2.0

2.2.0 (2025-11-21)

Bug Fixes

  • deps: bump glob from 10.4.5 to 10.5.0 (#305) (5480f43)
  • deps: bump p-retry from 6.2.1 to 7.1.0 (#294) (dce3be8)
  • deps: bump the production-dependencies group with 2 updates (#292) (55e2a4b)

Features

Commits
  • 29824e6 build(release): 2.2.1 [skip ci]
  • b212e6a fix(deps): bump the production-dependencies group with 2 updates (#311)
  • 8efbf9b ci: create stale workflow (#309)
  • 7e473ef build(release): 2.2.0 [skip ci]
  • dce3be8 fix(deps): bump p-retry from 6.2.1 to 7.1.0 (#294)
  • 5480f43 fix(deps): bump glob from 10.4.5 to 10.5.0 (#305)
  • d90aa53 feat: update permission inputs (#296)
  • 55e2a4b fix(deps): bump the production-dependencies group with 2 updates (#292)
  • cc6f999 ci(test): trigger on merge_group (#308)
  • 40fa6b5 build(deps-dev): bump @​sinonjs/fake-timers from 14.0.0 to 15.0.0 (#295)
  • Additional commits viewable in compare view

Updates release-plz/action from 0.5.118 to 0.5.124

Release notes

Sourced from release-plz/action's releases.

v0.5.124

What's Changed

Full Changelog: release-plz/action@v0.5...v0.5.124

v0.5.123

What's Changed

Full Changelog: release-plz/action@v0.5...v0.5.123

v0.5.122

What's Changed

New Contributors

Full Changelog: release-plz/action@v0.5...v0.5.122

v0.5.121

What's Changed

Full Changelog: release-plz/action@v0.5...v0.5.121

v0.5.120

What's Changed

Full Changelog: release-plz/action@v0.5...v0.5.120

v0.5.119

What's Changed

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore(deps): bump the actions-updates group across 1 directory with 5…
7732f90 
… updates

Bumps the actions-updates group with 5 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [step-security/harden-runner](https://github.com/step-security/harden-runner) | `2.13.1` | `2.14.1` |
| [actions/checkout](https://github.com/actions/checkout) | `5.0.0` | `6.0.2` |
| [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4.6.2` | `6.0.0` |
| [actions/create-github-app-token](https://github.com/actions/create-github-app-token) | `2.1.4` | `2.2.1` |
| [release-plz/action](https://github.com/release-plz/action) | `0.5.118` | `0.5.124` |



Updates `step-security/harden-runner` from 2.13.1 to 2.14.1
- [Release notes](https://github.com/step-security/harden-runner/releases)
- [Commits](step-security/harden-runner@f4a75cf...e3f713f)

Updates `actions/checkout` from 5.0.0 to 6.0.2
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@08c6903...de0fac2)

Updates `actions/upload-artifact` from 4.6.2 to 6.0.0
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](actions/upload-artifact@ea165f8...b7c566a)

Updates `actions/create-github-app-token` from 2.1.4 to 2.2.1
- [Release notes](https://github.com/actions/create-github-app-token/releases)
- [Commits](actions/create-github-app-token@6701853...29824e6)

Updates `release-plz/action` from 0.5.118 to 0.5.124
- [Release notes](https://github.com/release-plz/action/releases)
- [Commits](release-plz/action@d529f73...e592230)

---
updated-dependencies:
- dependency-name: step-security/harden-runner
  dependency-version: 2.14.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions-updates
- dependency-name: actions/checkout
  dependency-version: 6.0.2
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions-updates
- dependency-name: actions/upload-artifact
  dependency-version: 6.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions-updates
- dependency-name: actions/create-github-app-token
  dependency-version: 2.2.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions-updates
- dependency-name: release-plz/action
  dependency-version: 0.5.124
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions-updates
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Feb 2, 2026
@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Feb 4, 2026

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot bot closed this Feb 4, 2026
@dependabot dependabot bot deleted the dependabot/github_actions/actions-updates-5ad3f70af4 branch February 4, 2026 07:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants