Skip to content

ci: bump the github-actions group across 1 directory with 7 updates#336

Open
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/github_actions/github-actions-414c55c95b
Open

ci: bump the github-actions group across 1 directory with 7 updates#336
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/github_actions/github-actions-414c55c95b

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Mar 23, 2026
edited
Loading

Bumps the github-actions group with 7 updates in the / directory:

Package From To
actions/checkout 6.0.1 6.0.2
moonrepo/setup-rust 1.2.2 1.3.0
taiki-e/setup-cross-toolchain-action 1.32.1 1.39.2
taiki-e/upload-rust-binary-action 1.27.0 1.30.2
actions/upload-artifact 5 7
actions/create-github-app-token 2.2.1 3.1.1
MarcoIeni/release-plz-action 0.5.120 0.5.128

Updates actions/checkout from 6.0.1 to 6.0.2

Release notes

Sourced from actions/checkout's releases.

v6.0.2

What's Changed

Full Changelog: actions/checkout@v6.0.1...v6.0.2

Changelog

Sourced from actions/checkout's changelog.

Changelog

v6.0.2

v6.0.1

v6.0.0

v5.0.1

v5.0.0

v4.3.1

v4.3.0

v4.2.2

v4.2.1

v4.2.0

v4.1.7

v4.1.6

... (truncated)

Commits
  • de0fac2 Fix tag handling: preserve annotations and explicit fetch-tags (#2356)
  • 064fe7f Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set (...
  • See full diff in compare view

Updates moonrepo/setup-rust from 1.2.2 to 1.3.0

Release notes

Sourced from moonrepo/setup-rust's releases.

v1.3.0

  • Added a cache-extra-identifier input.
  • Updated action to Node.js v24.
  • Updated dependencies.
Changelog

Sourced from moonrepo/setup-rust's changelog.

1.3.0

  • Added a cache-extra-identifier input.
  • Updated action to Node.js v24.
  • Updated dependencies.

1.2.2

  • Updated dependencies.

1.2.1

  • Pinned the cargo-binstall version to v1.8 to work around the 404 errors in CI.
  • Added support for the CARGO_BINSTALL_VERSION environment variable.

1.2.0

  • Added a target-dirs input, allowing the target folders to be specified. Can now cache multiple target folders.
  • Updated to skip caching a directory if it does not exist, instead of failing.
  • Updated dependencies.

1.1.0

  • Added a cache-base input. When provided, will only save cache on this branch/ref, but will restore cache on all branches/refs.
  • Updated dependencies.

1.0.3

  • Include GITHUB_WORKFLOW in cache key.
  • Updated dependencies.

1.0.2

  • Switch to Node.js v20.

1.0.1

  • Fixed an issue where a module was missing from the build.

1.0.0

  • Will now install rustup if it does not exist in the environment.
  • Added musl support to cargo-binstall.

0.6.0

  • Breaking: Cargo bins must provide the cargo- crate prefix manually. This change allows non-crate globals to be installed.

... (truncated)

Commits

Updates taiki-e/setup-cross-toolchain-action from 1.32.1 to 1.39.2

Release notes

Sourced from taiki-e/setup-cross-toolchain-action's releases.

1.39.2

  • Improve support for Ubuntu 26.04.

1.39.1

  • Avoid triggering zizmor ref-confusion when using this action in form of uses: taiki-e/setup-cross-toolchain-action@v1.

1.39.0

  • Support native runner for soft-float little-endian Arm linux-gnu targets on GitHub-hosted AArch64 Linux runners (ubuntu-22.04-arm, ubuntu-24.04-arm) with Debian containers.

1.38.0

1.37.1

1.37.0

  • Support {x86_64,aarch64}-pc-windows-gnullvm on Windows host.

1.36.0

  • Accept target: host-tuple input option (align to Cargo 1.91+).

1.35.0

  • Add runner: valgrind input option to run tests with Valgrind. (#35)

  • Add package input option to install packages for target. (#34)

    This is currently only supported for some Linux (GNU) targets on Ubuntu/Debian hosts, and packages will be installed using the form: <sudo as needed> apt-get install --no-install-recommends <each package>:<target's dpkg arch>...

1.34.0

  • Set default qemu cpu to max on AArch64, Arm, LoongArch64, RISC-V, and s390x.

  • Document the QEMU default CPU policy. A similar policy had been in use previously, but now it is being strengthened and formally documented.

    We usually set QEMU CPU to max (or CPU newer than the default if -cpu=max is unavailable) to allow testing more CPU features. If you want to test for a specific CPU, you can override it by setting the QEMU_CPU environment variable.

1.33.0

  • Update the default QEMU version from 10.1 to 10.2.
Changelog

Sourced from taiki-e/setup-cross-toolchain-action's changelog.

Changelog

All notable changes to this project will be documented in this file.

This project adheres to Semantic Versioning.

[Unreleased]

  • Support trailing comma in package input option.

  • Improve robustness for network failure.

[1.39.2] - 2026-03-29

  • Improve support for Ubuntu 26.04.

[1.39.1] - 2026-03-08

  • Avoid triggering zizmor ref-confusion when using this action in form of uses: taiki-e/setup-cross-toolchain-action@v1.

[1.39.0] - 2026-03-07

  • Support native runner for soft-float little-endian Arm linux-gnu targets on GitHub-hosted AArch64 Linux runners (ubuntu-22.04-arm, ubuntu-24.04-arm) with Debian containers.

[1.38.0] - 2026-01-29

[1.37.1] - 2026-01-11

[1.37.0] - 2025-12-30

  • Support {x86_64,aarch64}-pc-windows-gnullvm on Windows host.

[1.36.0] - 2025-12-30

  • Accept target: host-tuple input option (align to Cargo 1.91+).

[1.35.0] - 2025-12-29

  • Add runner: valgrind input option to run tests with Valgrind. (#35)

... (truncated)

Commits
  • d62f33b Release 1.39.2
  • 3e78838 Handle more dpkg arch
  • 01d08fc ci: Test ubuntu 26.04 container
  • 18e4926 Remove duplicated retry
  • d3a76b3 tools: Update scripts and related config
  • 6a8645b ci: Use taiki-e/github-actions/.github/workflows/action-release.yml
  • 8176d53 ci: Disable deployment
  • 6e0d5c3 ci: Update config
  • a2c6b0c zizmor: Enable ref-confusion
  • 20dbac4 Release 1.39.1
  • Additional commits viewable in compare view

Updates taiki-e/upload-rust-binary-action from 1.27.0 to 1.30.2

Release notes

Sourced from taiki-e/upload-rust-binary-action's releases.

1.30.2

  • Enhance security when dry-run is true.

1.30.1

  • Enhance security against supply chain attacks.

1.30.0

  • upload-rust-binary-action no longer requires token input. This action now uses ${{ github.token }} as the default token, like actions/checkout does.

  • Support trailing comma in bin, package, include, asset, and checksum input options.

  • Documentation improvements.

1.29.1

  • Fix missing default value for all-features causing build errors. (#114, thanks @​ftnfurina)

1.29.0

  • Add all-features and workspace input options. (#112)

  • Accept whitespace or comma separated list in package input option. (#112)

1.28.1

  • Avoid triggering zizmor ref-confusion when using this action in form of uses: taiki-e/upload-rust-binary-action@v1.

1.28.0

  • bin, checksum, include, and asset input options now support whitespace (space, tab, and line) or comma separated list. Previously, only comma-separated list was supported. (#111)

  • Enable release immutability.

Changelog

Sourced from taiki-e/upload-rust-binary-action's changelog.

Changelog

All notable changes to this project will be documented in this file.

This project adheres to Semantic Versioning.

[Unreleased]

[1.30.2] - 2026-04-17

  • Enhance security when dry-run is true.

[1.30.1] - 2026-04-17

  • Enhance security against supply chain attacks.

[1.30.0] - 2026-04-04

  • upload-rust-binary-action no longer requires token input. This action now uses ${{ github.token }} as the default token, like actions/checkout does.

  • Support trailing comma in bin, package, include, asset, and checksum input options.

  • Documentation improvements.

[1.29.1] - 2026-03-18

  • Fix missing default value for all-features causing build errors. (#114, thanks @​ftnfurina)

[1.29.0] - 2026-03-17

  • Add all-features and workspace input options. (#112)

  • Accept whitespace or comma separated list in package input option. (#112)

[1.28.1] - 2026-03-08

  • Avoid triggering zizmor ref-confusion when using this action in form of uses: taiki-e/upload-rust-binary-action@v1.

[1.28.0] - 2026-02-11

  • bin, checksum, include, and asset input options now support whitespace (space, tab, and line) or comma separated list. Previously, only comma-separated list was supported. (#111)

  • Enable release immutability.

[1.27.0] - 2025-06-14

... (truncated)

Commits

Updates actions/upload-artifact from 5 to 7

Release notes

Sourced from actions/upload-artifact's releases.

v7.0.0

v7 What's new

Direct Uploads

Adds support for uploading single files directly (unzipped). Callers can set the new archive parameter to false to skip zipping the file during upload. Right now, we only support single files. The action will fail if the glob passed resolves to multiple files. The name parameter is also ignored with this setting. Instead, the name of the artifact will be the name of the uploaded file.

ESM

To support new versions of the @actions/* packages, we've upgraded the package to ESM.

What's Changed

New Contributors

Full Changelog: actions/upload-artifact@v6...v7.0.0

v6.0.0

v6 - What's new

[!IMPORTANT] actions/upload-artifact@v6 now runs on Node.js 24 (runs.using: node24) and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading.

Node.js 24

This release updates the runtime to Node.js 24. v5 had preliminary support for Node.js 24, however this action was by default still running on Node.js 20. Now this action by default will run on Node.js 24.

What's Changed

Full Changelog: actions/upload-artifact@v5.0.0...v6.0.0

Commits
  • 043fb46 Merge pull request #797 from actions/yacaovsnc/update-dependency
  • 634250c Include changes in typespec/ts-http-runtime 0.3.5
  • e454baa Readme: bump all the example versions to v7 (#796)
  • 74fad66 Update the readme with direct upload details (#795)
  • bbbca2d Support direct file uploads (#764)
  • 589182c Upgrade the module to ESM and bump dependencies (#762)
  • 47309c9 Merge pull request #754 from actions/Link-/add-proxy-integration-tests
  • 02a8460 Add proxy integration test
  • b7c566a Merge pull request #745 from actions/upload-artifact-v6-release
  • e516bc8 docs: correct description of Node.js 24 support in README
  • Additional commits viewable in compare view

Updates actions/create-github-app-token from 2.2.1 to 3.1.1

Release notes

Sourced from actions/create-github-app-token's releases.

v3.1.1

3.1.1 (2026-04-11)

Bug Fixes

  • improve error message when app identifier is empty (#362) (07e2b76), closes #249

v3.1.0

3.1.0 (2026-04-11)

Bug Fixes

  • deps: bump p-retry from 7.1.1 to 8.0.0 (#357) (3bbe07d)

Features

v3.0.0

3.0.0 (2026-03-14)

Bug Fixes

BREAKING CHANGES

  • Custom proxy handling has been removed. If you use HTTP_PROXY or HTTPS_PROXY, you must now also set NODE_USE_ENV_PROXY=1 on the action step.
  • Requires Actions Runner v2.327.1 or later if you are using a self-hosted runner.

v3.0.0-beta.6

3.0.0-beta.6 (2026-03-13)

Bug Fixes

  • deps: bump @​actions/core from 1.11.1 to 3.0.0 (#337) (b044133)
  • deps: bump minimatch from 9.0.5 to 9.0.9 (#335) (5cbc656)
  • deps: bump the production-dependencies group with 4 updates (#336) (6bda5bc)
  • deps: bump undici from 7.16.0 to 7.18.2 (#323) (b4f638f)

... (truncated)

Commits
  • 1b10c78 build(release): 3.1.1 [skip ci]
  • 07e2b76 fix: improve error message when app identifier is empty (#362)
  • ea01216 ci: remove publish-immutable-action workflow (#361)
  • 7bd0371 build(release): 3.1.0 [skip ci]
  • e6bd4e6 feat: add client-id input and deprecate app-id (#353)
  • 076e948 feat: update permission inputs (#358)
  • 3bbe07d fix(deps): bump p-retry from 7.1.1 to 8.0.0 (#357)
  • 28a99e3 build(deps-dev): bump c8 from 10.1.3 to 11.0.0
  • 4df5060 build(deps-dev): bump open-cli from 8.0.0 to 9.0.0
  • 4843c53 build(deps-dev): bump the development-dependencies group with 3 updates
  • Additional commits viewable in compare view

Updates MarcoIeni/release-plz-action from 0.5.120 to 0.5.128

Release notes

Sourced from MarcoIeni/release-plz-action's releases.

v0.5.128

What's Changed

Full Changelog: release-plz/action@v0.5...v0.5.128

v0.5.127

What's Changed

... (truncated)

Commits
  • 1528104 chore(deps): update cargo-bins/cargo-binstall action to v1.17.7 (#292)
  • 7ae6a1e Update to 0.3.157 (#300)
  • 9872b1d chore(deps): update dependency taiki-e/install-action to v2.68.21 (#299)
  • 1f68a2f chore(deps): update dependency taiki-e/install-action to v2.68.20 (#298)
  • 747e375 chore(deps): update dependency taiki-e/install-action to v2.68.19 (#297)
  • 5efa360 chore(deps): update dependency taiki-e/install-action to v2.68.18 (#296)
  • d92a286 chore(deps): update dependency taiki-e/install-action to v2.68.17 (#295)
  • d5a6bf3 chore(deps): update dependency taiki-e/install-action to v2.68.16 (#294)
  • 357de01 chore(deps): lock file maintenance (#293)
  • 38c172f chore(deps): update dependency taiki-e/install-action to v2.68.15 (#291)
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Mar 23, 2026
@dependabot
ci: bump the github-actions group across 1 directory with 7 updates
ee3f74c 
Bumps the github-actions group with 7 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [actions/checkout](https://github.com/actions/checkout) | `6.0.1` | `6.0.2` |
| [moonrepo/setup-rust](https://github.com/moonrepo/setup-rust) | `1.2.2` | `1.3.0` |
| [taiki-e/setup-cross-toolchain-action](https://github.com/taiki-e/setup-cross-toolchain-action) | `1.32.1` | `1.39.2` |
| [taiki-e/upload-rust-binary-action](https://github.com/taiki-e/upload-rust-binary-action) | `1.27.0` | `1.30.2` |
| [actions/upload-artifact](https://github.com/actions/upload-artifact) | `5` | `7` |
| [actions/create-github-app-token](https://github.com/actions/create-github-app-token) | `2.2.1` | `3.1.1` |
| [MarcoIeni/release-plz-action](https://github.com/marcoieni/release-plz-action) | `0.5.120` | `0.5.128` |



Updates `actions/checkout` from 6.0.1 to 6.0.2
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@8e8c483...de0fac2)

Updates `moonrepo/setup-rust` from 1.2.2 to 1.3.0
- [Release notes](https://github.com/moonrepo/setup-rust/releases)
- [Changelog](https://github.com/moonrepo/setup-rust/blob/master/CHANGELOG.md)
- [Commits](moonrepo/setup-rust@ede6de0...abb2d32)

Updates `taiki-e/setup-cross-toolchain-action` from 1.32.1 to 1.39.2
- [Release notes](https://github.com/taiki-e/setup-cross-toolchain-action/releases)
- [Changelog](https://github.com/taiki-e/setup-cross-toolchain-action/blob/main/CHANGELOG.md)
- [Commits](taiki-e/setup-cross-toolchain-action@84e58a4...d62f33b)

Updates `taiki-e/upload-rust-binary-action` from 1.27.0 to 1.30.2
- [Release notes](https://github.com/taiki-e/upload-rust-binary-action/releases)
- [Changelog](https://github.com/taiki-e/upload-rust-binary-action/blob/main/CHANGELOG.md)
- [Commits](taiki-e/upload-rust-binary-action@3962470...f0d45ae)

Updates `actions/upload-artifact` from 5 to 7
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](actions/upload-artifact@v5...v7)

Updates `actions/create-github-app-token` from 2.2.1 to 3.1.1
- [Release notes](https://github.com/actions/create-github-app-token/releases)
- [Commits](actions/create-github-app-token@29824e6...1b10c78)

Updates `MarcoIeni/release-plz-action` from 0.5.120 to 0.5.128
- [Release notes](https://github.com/marcoieni/release-plz-action/releases)
- [Commits](release-plz/action@487eb7b...1528104)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 6.0.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
- dependency-name: actions/create-github-app-token
  dependency-version: 3.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: actions/upload-artifact
  dependency-version: '7'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: MarcoIeni/release-plz-action
  dependency-version: 0.5.128
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
- dependency-name: moonrepo/setup-rust
  dependency-version: 1.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: taiki-e/setup-cross-toolchain-action
  dependency-version: 1.39.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: taiki-e/upload-rust-binary-action
  dependency-version: 1.29.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/github_actions/github-actions-414c55c95b branch from 0d493b2 to ee3f74c Compare April 27, 2026 04:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants