Bump the gh-version-updates group with 8 updates by dependabot[bot] · Pull Request #309 · ONSdigital/eq-questionnaire-validator

dependabot · 2026-01-22T10:49:26Z

Bumps the gh-version-updates group with 8 updates:

Package	From	To
actions/checkout	`4.2.2`	`6.0.1`
github/codeql-action	`3.28.18`	`4.31.10`
oxsecurity/megalinter	`9.1.0`	`9.3.0`
actions/upload-artifact	`5.0.0`	`6.0.0`
actions/setup-python	`5.4.0`	`6.2.0`
actions/setup-node	`4.2.0`	`6.2.0`
actions/cache	`4.2.0`	`5.0.2`
google-github-actions/auth	`2.1.8`	`3.0.0`

Updates actions/checkout from 4.2.2 to 6.0.1

Release notes

Sourced from actions/checkout's releases.

v6.0.1

What's Changed

Update all references from v5 and v4 to v6 by @ericsciple in actions/checkout#2314

Add worktree support for persist-credentials includeIf by @ericsciple in actions/checkout#2327

Clarify v6 README by @ericsciple in actions/checkout#2328

Full Changelog: actions/checkout@v6...v6.0.1

v6.0.0

What's Changed

Update README to include Node.js 24 support details and requirements by @salmanmkc in actions/checkout#2248

Persist creds to a separate file by @ericsciple in actions/checkout#2286

v6-beta by @ericsciple in actions/checkout#2298

update readme/changelog for v6 by @ericsciple in actions/checkout#2311

Full Changelog: actions/checkout@v5.0.0...v6.0.0

v6-beta

What's Changed

Updated persist-credentials to store the credentials under $RUNNER_TEMP instead of directly in the local git config.

This requires a minimum Actions Runner version of v2.329.0 to access the persisted credentials for Docker container action scenarios.

v5.0.1

What's Changed

Port v6 cleanup to v5 by @ericsciple in actions/checkout#2301

Full Changelog: actions/checkout@v5...v5.0.1

v5.0.0

What's Changed

Update actions checkout to use node 24 by @salmanmkc in actions/checkout#2226

Prepare v5.0.0 release by @salmanmkc in actions/checkout#2238

⚠️ Minimum Compatible Runner Version

v2.327.1
Release Notes

Make sure your runner is updated to this version or newer to use this release.

Full Changelog: actions/checkout@v4...v5.0.0

v4.3.1

What's Changed

Port v6 cleanup to v4 by @ericsciple in actions/checkout#2305

... (truncated)

Changelog

Sourced from actions/checkout's changelog.

Changelog

v6.0.2

Fix tag handling: preserve annotations and explicit fetch-tags by @ericsciple in actions/checkout#2356

v6.0.1

Add worktree support for persist-credentials includeIf by @ericsciple in actions/checkout#2327

v6.0.0

Persist creds to a separate file by @ericsciple in actions/checkout#2286

Update README to include Node.js 24 support details and requirements by @salmanmkc in actions/checkout#2248

v5.0.1

Port v6 cleanup to v5 by @ericsciple in actions/checkout#2301

v5.0.0

Update actions checkout to use node 24 by @salmanmkc in actions/checkout#2226

v4.3.1

Port v6 cleanup to v4 by @ericsciple in actions/checkout#2305

v4.3.0

docs: update README.md by @motss in actions/checkout#1971

Add internal repos for checking out multiple repositories by @mouismail in actions/checkout#1977

Documentation update - add recommended permissions to Readme by @benwells in actions/checkout#2043

Adjust positioning of user email note and permissions heading by @joshmgross in actions/checkout#2044

Update README.md by @nebuk89 in actions/checkout#2194

Update CODEOWNERS for actions by @TingluoHuang in actions/checkout#2224

Update package dependencies by @salmanmkc in actions/checkout#2236

v4.2.2

url-helper.ts now leverages well-known environment variables by @jww3 in actions/checkout#1941

Expand unit test coverage for isGhes by @jww3 in actions/checkout#1946

v4.2.1

Check out other refs/* by commit if provided, fall back to ref by @orhantoy in actions/checkout#1924

v4.2.0

Add Ref and Commit outputs by @lucacome in actions/checkout#1180

Dependency updates by @dependabot- actions/checkout#1777, actions/checkout#1872

v4.1.7

Bump the minor-npm-dependencies group across 1 directory with 4 updates by @dependabot in actions/checkout#1739

Bump actions/checkout from 3 to 4 by @dependabot in actions/checkout#1697

Check out other refs/* by commit by @orhantoy in actions/checkout#1774

Pin actions/checkout's own workflows to a known, good, stable version. by @jww3 in actions/checkout#1776

v4.1.6

Check platform to set archive extension appropriately by @cory-miller in actions/checkout#1732

... (truncated)

Commits

8e8c483 Clarify v6 README (#2328)
033fa0d Add worktree support for persist-credentials includeIf (#2327)
c2d88d3 Update all references from v5 and v4 to v6 (#2314)
1af3b93 update readme/changelog for v6 (#2311)
71cf226 v6-beta (#2298)
069c695 Persist creds to a separate file (#2286)
ff7abcd Update README to include Node.js 24 support details and requirements (#2248)
08c6903 Prepare v5.0.0 release (#2238)
9f26565 Update actions checkout to use node 24 (#2226)
08eba0b Prepare release v4.3.0 (#2237)
Additional commits viewable in compare view

Updates github/codeql-action from 3.28.18 to 4.31.10

Release notes

Sourced from github/codeql-action's releases.

v4.31.10

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

4.31.10 - 12 Jan 2026

Update default CodeQL bundle version to 2.23.9. #3393

See the full CHANGELOG.md for more information.

v4.31.9

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

4.31.9 - 16 Dec 2025

No user facing changes.

See the full CHANGELOG.md for more information.

v4.31.8

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

4.31.8 - 11 Dec 2025

Update default CodeQL bundle version to 2.23.8. #3354

See the full CHANGELOG.md for more information.

v4.31.7

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

4.31.7 - 05 Dec 2025

Update default CodeQL bundle version to 2.23.7. #3343

See the full CHANGELOG.md for more information.

v4.31.6

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

4.31.6 - 01 Dec 2025

... (truncated)

Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

[UNRELEASED]

No user facing changes.

4.31.10 - 12 Jan 2026

Update default CodeQL bundle version to 2.23.9. #3393

4.31.9 - 16 Dec 2025

No user facing changes.

4.31.8 - 11 Dec 2025

Update default CodeQL bundle version to 2.23.8. #3354

4.31.7 - 05 Dec 2025

Update default CodeQL bundle version to 2.23.7. #3343

4.31.6 - 01 Dec 2025

No user facing changes.

4.31.5 - 24 Nov 2025

Update default CodeQL bundle version to 2.23.6. #3321

4.31.4 - 18 Nov 2025

No user facing changes.

4.31.3 - 13 Nov 2025

CodeQL Action v3 will be deprecated in December 2026. The Action now logs a warning for customers who are running v3 but could be running v4. For more information, see Upcoming deprecation of CodeQL Action v3.

Update default CodeQL bundle version to 2.23.5. #3288

4.31.2 - 30 Oct 2025

No user facing changes.

4.31.1 - 30 Oct 2025

The add-snippets input has been removed from the analyze action. This input has been deprecated since CodeQL Action 3.26.4 in August 2024 when this removal was announced.

4.31.0 - 24 Oct 2025

... (truncated)

Commits

cdefb33 Merge pull request #3394 from github/update-v4.31.10-0fa411efd
cfa77c6 Update changelog for v4.31.10
0fa411e Merge pull request #3393 from github/update-bundle/codeql-bundle-v2.23.9
c284324 Add changelog note
83e7d00 Update default bundle to codeql-bundle-v2.23.9
f6a16be Merge pull request #3391 from github/dependabot/npm_and_yarn/npm-minor-f1cdf5...
c1f5f1a Rebuild
1805d8d Bump the npm-minor group with 2 updates
b2951d2 Merge pull request #3353 from github/kaspersv/bump-min-cli-v-for-overlay
41448d9 Merge pull request #3287 from github/henrymercer/generate-mergeback-last
Additional commits viewable in compare view

Updates oxsecurity/megalinter from 9.1.0 to 9.3.0

Release notes

Sourced from oxsecurity/megalinter's releases.

v9.3.0

What's Changed

Core

Add enum name support in MegaLinter config Json schema for better autocompletion in editors

Update base image to python:3.13-alpine3.23

New linters

Add codespell

Add kingfisher by @bdovaz

Add rumdl by @bdovaz

Linters enhancements

Change checkmake Docker image reference by @bdovaz

Reporters

Handle multiple MegaLinter runs on the same repo using custom value sent in variable MEGALINTER_MULTIRUN_KEY

Allow to override url to CI build in Git based reporters using REPORTERS_ACTION_RUN_URL variable

Fix sections display in Gitlab console logs

Doc

Classify all JSON schema config variables by category and section

CI

Free disk space on GitHub actions runner when releasing a new flavor

Add missing Dockerfile patterns to Renovate Dockerfile manager

Remove gitpod custom image, workflow, and makefile targets

Linter versions upgrades (54)

actionlint from 1.7.9 to 1.7.10

ansible-lint from 25.11.1 to 25.12.2

bash-exec from 5.2.37 to 5.3.3

black from 25.11.0 to 25.12.0

cfn-lint from 1.41.0 to 1.43.1

checkov from 3.2.495 to 3.2.497

clang-format from 20.1.8 to 21.1.2

clippy from 0.1.91 to 0.1.92

clj-kondo from 2025.10.23 to 2025.12.23

code-analyzer-apex from 5.6.1 to 5.7.1

code-analyzer-aura from 5.6.1 to 5.7.1

code-analyzer-lwc from 5.6.1 to 5.7.1

cppcheck from 2.14.2 to 2.18.3

csharpier from 1.2.1 to 1.2.5

cspell from 9.3.2 to 9.4.0

dartanalyzer from 3.8.3 to 3.10.7

dotnet-format from 9.0.111 to 9.0.112

git_diff from 2.49.1 to 2.52.0

golangci-lint from 2.6.2 to 2.7.2

grype from 0.104.1 to 0.104.3

helm from 3.18.4 to 3.19.0

... (truncated)

Changelog

Sourced from oxsecurity/megalinter's changelog.

[v9.3.0] - 2026-01-04

Core

Add enum name support in MegaLinter config Json schema for better autocompletion in editors

Update base image to python:3.13-alpine3.23

New linters

Add codespell

Add kingfisher by @bdovaz

Add rumdl by @bdovaz

Linters enhancements

Change checkmake Docker image reference by @bdovaz

Reporters

Handle multiple MegaLinter runs on the same repo using custom value sent in variable MEGALINTER_MULTIRUN_KEY

Allow to override url to CI build in Git based reporters using REPORTERS_ACTION_RUN_URL variable

Fix sections display in Gitlab console logs

Doc

Classify all JSON schema config variables by category and section

CI

Free disk space on GitHub actions runner when releasing a new flavor

Add missing Dockerfile patterns to Renovate Dockerfile manager

Remove gitpod custom image, workflow, and makefile targets

Linter versions upgrades (54)

actionlint from 1.7.9 to 1.7.10

ansible-lint from 25.11.1 to 25.12.2

bash-exec from 5.2.37 to 5.3.3

black from 25.11.0 to 25.12.0

cfn-lint from 1.41.0 to 1.43.1

checkov from 3.2.495 to 3.2.497

clang-format from 20.1.8 to 21.1.2

clippy from 0.1.91 to 0.1.92

clj-kondo from 2025.10.23 to 2025.12.23

code-analyzer-apex from 5.6.1 to 5.7.1

code-analyzer-aura from 5.6.1 to 5.7.1

code-analyzer-lwc from 5.6.1 to 5.7.1

cppcheck from 2.14.2 to 2.18.3

csharpier from 1.2.1 to 1.2.5

cspell from 9.3.2 to 9.4.0

dartanalyzer from 3.8.3 to 3.10.7

dotnet-format from 9.0.111 to 9.0.112

git_diff from 2.49.1 to 2.52.0

golangci-lint from 2.6.2 to 2.7.2

grype from 0.104.1 to 0.104.3

helm from 3.18.4 to 3.19.0

htmlhint from 1.7.1 to 1.8.0

... (truncated)

Commits

42bb470 Release MegaLinter v9.3.0
fe74938 changelog
edb083a [automation] Auto-update linters version, help and documentation (#6889)
824240c JSON Schema fix (#6888)
9af8d5b chore(deps): update dependency npm-package-json-lint to v9.1.0 (#6883)
781c95c [automation] Auto-update linters version, help and documentation (#6885)
101b802 JSON Schema (#6887)
3ab7a93 chore(deps): update dependency friendsofphp/php-cs-fixer to v3.92.4 (#6886)
12f7c03 chore(deps): update ghcr.io/astral-sh/uv docker tag to v0.9.21 (#6882)
91a9dfb chore(deps): update dependency sfdx-hardis to v6.20.0 (#6884)
Additional commits viewable in compare view

Updates actions/upload-artifact from 5.0.0 to 6.0.0

Release notes

Sourced from actions/upload-artifact's releases.

v6.0.0

v6 - What's new

[!IMPORTANT] actions/upload-artifact@v6 now runs on Node.js 24 (runs.using: node24) and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading.

Node.js 24

This release updates the runtime to Node.js 24. v5 had preliminary support for Node.js 24, however this action was by default still running on Node.js 20. Now this action by default will run on Node.js 24.

What's Changed

Upload Artifact Node 24 support by @salmanmkc in actions/upload-artifact#719

fix: update @actions/artifact for Node.js 24 punycode deprecation by @salmanmkc in actions/upload-artifact#744

prepare release v6.0.0 for Node.js 24 support by @salmanmkc in actions/upload-artifact#745

Full Changelog: actions/upload-artifact@v5.0.0...v6.0.0

Commits

b7c566a Merge pull request #745 from actions/upload-artifact-v6-release
e516bc8 docs: correct description of Node.js 24 support in README
ddc45ed docs: update README to correct action name for Node.js 24 support
615b319 chore: release v6.0.0 for Node.js 24 support
017748b Merge pull request #744 from actions/fix-storage-blob
38d4c79 chore: rebuild dist
7d27270 chore: add missing license cache files for @actions/core, @actions/io, and mi...
5f643d3 chore: update license files for @actions/artifact@5.0.1 dependencies
1df1684 chore: update package-lock.json with @actions/artifact@5.0.1
b5b1a91 fix: update @actions/artifact to ^5.0.0 for Node.js 24 punycode fix
Additional commits viewable in compare view

Updates actions/setup-python from 5.4.0 to 6.2.0

Release notes

Sourced from actions/setup-python's releases.

v6.2.0

What's Changed

Dependency Upgrades

Upgrade dependencies to Node 24 compatible versions by @salmanmkc in actions/setup-python#1259

Upgrade urllib3 from 2.5.0 to 2.6.3 in /__tests__/data by @dependabot in actions/setup-python#1253 and actions/setup-python#1264

Full Changelog: actions/setup-python@v6...v6.2.0

v6.1.0

What's Changed

Enhancements:

Add support for pip-install input by @gowridurgad in actions/setup-python#1201

Add graalpy early-access and windows builds by @timfel in actions/setup-python#880

Dependency and Documentation updates:

Enhanced wording and updated example usage for allow-prereleases by @yarikoptic in actions/setup-python#979

Upgrade urllib3 from 1.26.19 to 2.5.0 and document breaking changes in v6 by @dependabot in actions/setup-python#1139

Upgrade typescript from 5.4.2 to 5.9.3 and Documentation update by @dependabot in actions/setup-python#1094

Upgrade actions/publish-action from 0.3.0 to 0.4.0 & Documentation update for pip-install input by @dependabot in actions/setup-python#1199

Upgrade requests from 2.32.2 to 2.32.4 by @dependabot in actions/setup-python#1130

Upgrade prettier from 3.5.3 to 3.6.2 by @dependabot in actions/setup-python#1234

Upgrade @types/node from 24.1.0 to 24.9.1 and update macos-13 to macos-15-intel by @dependabot in actions/setup-python#1235

New Contributors

@yarikoptic made their first contribution in actions/setup-python#979

Full Changelog: actions/setup-python@v6...v6.1.0

v6.0.0

What's Changed

Breaking Changes

Upgrade to node 24 by @salmanmkc in actions/setup-python#1164

Make sure your runner is on version v2.327.1 or later to ensure compatibility with this release. See Release Notes

Enhancements:

Add support for pip-version by @priyagupta108 in actions/setup-python#1129

Enhance reading from .python-version by @krystof-k in actions/setup-python#787

Add version parsing from Pipfile by @aradkdj in actions/setup-python#1067

Bug fixes:

Clarify pythonLocation behaviour for PyPy and GraalPy in environment variables by @aparnajyothi-y in actions/setup-python#1183

Change missing cache directory error to warning by @aparnajyothi-y in actions/setup-python#1182

Add Architecture-Specific PATH Management for Python with --user Flag on Windows by @aparnajyothi-y in actions/setup-python#1122

Include python version in PyPy python-version output by @cdce8p in actions/setup-python#1110

Update docs: clarification on pip authentication with setup-python by @priya-kinthali in actions/setup-python#1156

Dependency updates:

Upgrade idna from 2.9 to 3.7 in /tests/data by @dependabot[bot] in actions/setup-python#843

Upgrade form-data to fix critical vulnerabilities #182 & #183 by @aparnajyothi-y in actions/setup-python#1163

Upgrade setuptools to 78.1.1 to fix path traversal vulnerability in PackageIndex.download by @aparnajyothi-y in actions/setup-python#1165

Upgrade actions/checkout from 4 to 5 by @dependabot[bot] in actions/setup-python#1181

Upgrade @actions/tool-cache from 2.0.1 to 2.0.2 by @dependabot[bot] in actions/setup-python#1095

... (truncated)

Commits

a309ff8 Bump urllib3 from 2.6.0 to 2.6.3 in /tests/data (#1264)
bfe8cc5 Upgrade @actions dependencies to Node 24 compatible versions (#1259)
4f41a90 Bump urllib3 from 2.5.0 to 2.6.0 in /tests/data (#1253)
83679a8 Bump @types/node from 24.1.0 to 24.9.1 and update macos-13 to macos-15-intel ...
bfc4944 Bump prettier from 3.5.3 to 3.6.2 (#1234)
97aeb3e Bump requests from 2.32.2 to 2.32.4 in /tests/data (#1130)
443da59 Bump actions/publish-action from 0.3.0 to 0.4.0 & Documentation update for pi...
cfd55ca graalpy: add graalpy early-access and windows builds (#880)
bba65e5 Bump typescript from 5.4.2 to 5.9.3 and update docs/advanced-usage.md (#1094)
18566f8 Improve wording and "fix example" (remove 3.13) on testing against pre-releas...
Additional commits viewable in compare view

Updates actions/setup-node from 4.2.0 to 6.2.0

Release notes

Sourced from actions/setup-node's releases.

v6.2.0

What's Changed

Documentation

Documentation update related to absence of Lockfile by @mahabaleshwars in actions/setup-node#1454

Correct mirror option typos by @MikeMcC399 in actions/setup-node#1442

Readme update on checkout version v6 by @deining in actions/setup-node#1446

Readme typo fixes @munyari in actions/setup-node#1226

Advanced document update on checkout version v6 by @aparnajyothi-y in actions/setup-node#1468

Dependency updates:

Upgrade @actions/cache to v5.0.1 by @salmanmkc in actions/setup-node#1449

New Contributors

@mahabaleshwars made their first contribution in actions/setup-node#1454

@MikeMcC399 made their first contribution in actions/setup-node#1442

@deining made their first contribution in actions/setup-node#1446

@munyari made their first contribution in actions/setup-node#1226

Full Changelog: actions/setup-node@v6...v6.2.0

v6.1.0

What's Changed

Enhancement:

Remove always-auth configuration handling by @priyagupta108 in actions/setup-node#1436

Dependency updates:

Upgrade @actions/cache from 4.0.3 to 4.1.0 by @dependabot[bot] in actions/setup-node#1384

Upgrade actions/checkout from 5 to 6 by @dependabot[bot] in actions/setup-node#1439

Upgrade js-yaml from 3.14.1 to 3.14.2 by @dependabot[bot] in actions/setup-node#1435

Documentation update:

Add example for restore-only cache in documentation by @aparnajyothi-y in actions/setup-node#1419

Full Changelog: actions/setup-node@v6...v6.1.0

v6.0.0

What's Changed

Breaking Changes

Limit automatic caching to npm, update workflows and documentation by @priyagupta108 in actions/setup-node#1374

Dependency Upgrades

Upgrade ts-jest from 29.1.2 to 29.4.1 and document breaking changes in v5 by @dependabot[bot] in #1336

Upgrade prettier from 2.8.8 to 3.6.2 by @dependabot[bot] in #1334

Upgrade actions/publish-action from 0.3.0 to 0.4.0 by @dependabot[bot] in #1362

... (truncated)

Commits

6044e13 Docs: bump actions/checkout from v5 to v6 (#1468)
8e49463 Fix README typo (#1226)
621ac41 README.md: bump to latest released checkout version v6 (#1446)
2951748 Bump @actions/cache to v5.0.1 (#1449)
21ddc7b Correct mirror option typos (#1442)
65d868f Update Documentation for Lockfile (#1454)
395ad32 Bump js-yaml from 3.14.1 to 3.14.2 (#1435)
a4d2e2b Bump actions/checkout from 5 to 6 (#1439)
b9b25d4 Remove always-auth configuration handling from action (#1436)
633bb92 Bump @actions/cache from 4.0.3 to 4.1.0 (#1384)
Additional commits viewable in compare view

Updates actions/cache from 4.2.0 to 5.0.2

Release notes

Sourced from actions/cache's releases.

v.5.0.2

v5.0.2

What's Changed

When creating cache entries, 429s returned from the cache service will not be retried.

v5.0.1

[!IMPORTANT] actions/cache@v5 runs on the Node.js 24 runtime and requires a minimum Actions Runner version of 2.327.1.

If you are using self-hosted runners, ensure they are updated before upgrading.

v5.0.1

What's Changed

fix: update @actions/cache for Node.js 24 punycode deprecation by @salmanmkc in actions/cache#1685

prepare release v5.0.1 by @salmanmkc in actions/cache#1686

v5.0.0

What's Changed

Upgrade to use node24 by @salmanmkc in actions/cache#1630

Prepare v5.0.0 release by @salmanmkc in actions/cache#1684

Full Changelog: actions/cache@v5...v5.0.1

v5.0.0

[!IMPORTANT] actions/cache@v5 runs on the Node.js 24 runtime and requires a minimum Actions Runner version of 2.327.1.

If you are using self-hosted runners, ensure they are updated before upgrading.

What's Changed

Upgrade to use node24 by @salmanmkc in actions/cache#1630

Prepare v5.0.0 release by @salmanmkc in actions/cache#1684

Full Changelog: actions/cache@v4.3.0...v5.0.0

v4.3.0

What's Changed

... (truncated)

Changelog

Sourced from actions/cache's changelog.

Releases

Changelog

5.0.2

Bump @actions/cache to v5.0.3 #1692

5.0.1

Update @azure/storage-blob to ^12.29.1 via @actions/[email protected] #1685

5.0.0

[!IMPORTANT] actions/cache@v5 runs on the Node.js 24 runtime and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading.

4.3.0

Bump @actions/cache to v4.1.0

4.2.4

Bump @actions/cache to v4.0.5

4.2.3

Bump @actions/cache to v4.0.3 (obfuscates SAS token in debug logs for cache entries)

4.2.2

Bump @actions/cache to v4.0.2

4.2.1

Bump @actions/cache to v4.0.1

4.2.0

TLDR; The cache backend service has been rewritten from the ground up for improved performance and reliability. actions/cache now integrates with the new cache service (v2) APIs.

The new service will gradually roll out as of February 1st, 2025. The legacy service will also be sunset on the same date. Changes in these release are fully backward compatible.

We are deprecating some versions of this action. We recommend upgrading to version v4 or v3 as soon as possible before February 1st, 2025. (Upgrade instructions below).

If you are using pinned SHAs, please use the SHAs of versions v4.2.0 or v3.4.0

If you do not upgrade, all workflow runs using any of the deprecated actions/cache will fail.

... (truncated)

Commits

8b402f5 Merge pull request #1692 from GhadimiR/main
304ab5a license for httpclient
609fc19 Update licensed record for cache
b22231e Build
93150cd Add PR link to releases
9b8ca9f Bump actions/cache to 5.0.3
9255dc7 Merge pull request #1686 from actions/cache-v5.0.1-release
8ff5423 chore: release v5.0.1
9233019 Merge pull request #1685 from salmanmkc/node24-storage-blob-fix
b975f2b fix: add peer property to package-lock.json for dependencies
Additional commits viewable in compare view

Updates google-github-actions/auth from 2.1.8 to 3.0.0

Release notes

Sourced from google-github-actions/auth's releases.

v3.0.0

What's Changed

Bump to Node 24 and remove old parameters by @sethvargo in google-github-actions/auth#508

Remove hacky script by @sethvargo in google-github-actions/auth#509

Release: v3.0.0 by @google-github-actions-bot in google-github-actions/auth#510

Full Changelog: google-github-actions/auth@v2...v3.0.0

v2.1.13

What's Changed

Update deps by @sethvargo in google-github-actions/auth#506

Release: v2.1.13 by @google-github-actions-bot in google-github-actions/auth#507

Full Changelog: google-github-actions/auth@v2.1.12...v2.1.13

v2.1.12

What's Changed

Add retries for getIDToken by @sethvargo in google-github-actions/auth#502

Release: v2.1.12 by @google-github-actions-bot in google-github-actions/auth#503

Full Changelog: google-github-actions/auth@v2.1.11...v2.1.12

v2.1.11

What's Changed

Update troubleshooting docs for Python by @sethvargo in google-github-actions/auth...
Description has been truncated

Bumps the gh-version-updates group with 8 updates: | Package | From | To | | --- | --- | --- | | [actions/checkout](https://github.com/actions/checkout) | `4.2.2` | `6.0.1` | | [github/codeql-action](https://github.com/github/codeql-action) | `3.28.18` | `4.31.10` | | [oxsecurity/megalinter](https://github.com/oxsecurity/megalinter) | `9.1.0` | `9.3.0` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `5.0.0` | `6.0.0` | | [actions/setup-python](https://github.com/actions/setup-python) | `5.4.0` | `6.2.0` | | [actions/setup-node](https://github.com/actions/setup-node) | `4.2.0` | `6.2.0` | | [actions/cache](https://github.com/actions/cache) | `4.2.0` | `5.0.2` | | [google-github-actions/auth](https://github.com/google-github-actions/auth) | `2.1.8` | `3.0.0` | Updates `actions/checkout` from 4.2.2 to 6.0.1 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@v4.2.2...8e8c483) Updates `github/codeql-action` from 3.28.18 to 4.31.10 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@ff0a06e...cdefb33) Updates `oxsecurity/megalinter` from 9.1.0 to 9.3.0 - [Release notes](https://github.com/oxsecurity/megalinter/releases) - [Changelog](https://github.com/oxsecurity/megalinter/blob/main/CHANGELOG.md) - [Commits](oxsecurity/megalinter@v9.1.0...v9.3.0) Updates `actions/upload-artifact` from 5.0.0 to 6.0.0 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@330a01c...b7c566a) Updates `actions/setup-python` from 5.4.0 to 6.2.0 - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](actions/setup-python@4237552...a309ff8) Updates `actions/setup-node` from 4.2.0 to 6.2.0 - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](actions/setup-node@1d0ff46...6044e13) Updates `actions/cache` from 4.2.0 to 5.0.2 - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](actions/cache@1bd1e32...8b402f5) Updates `google-github-actions/auth` from 2.1.8 to 3.0.0 - [Release notes](https://github.com/google-github-actions/auth/releases) - [Changelog](https://github.com/google-github-actions/auth/blob/main/CHANGELOG.md) - [Commits](google-github-actions/auth@71f9864...7c6bc77) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 6.0.1 dependency-type: direct:production update-type: version-update:semver-major dependency-group: gh-version-updates - dependency-name: github/codeql-action dependency-version: 4.31.10 dependency-type: direct:production update-type: version-update:semver-major dependency-group: gh-version-updates - dependency-name: oxsecurity/megalinter dependency-version: 9.3.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: gh-version-updates - dependency-name: actions/upload-artifact dependency-version: 6.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: gh-version-updates - dependency-name: actions/setup-python dependency-version: 6.2.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: gh-version-updates - dependency-name: actions/setup-node dependency-version: 6.2.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: gh-version-updates - dependency-name: actions/cache dependency-version: 5.0.2 dependency-type: direct:production update-type: version-update:semver-major dependency-group: gh-version-updates - dependency-name: google-github-actions/auth dependency-version: 3.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: gh-version-updates ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot bot added dependencies Pull requests that update a dependency file github-actions labels Jan 22, 2026

dependabot bot requested a review from a team as a code owner January 22, 2026 10:49

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the gh-version-updates group with 8 updates#309

Bump the gh-version-updates group with 8 updates#309
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/github_actions/gh-version-updates-c72b71bef1

dependabot bot commented on behalf of github Jan 22, 2026 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot bot commented on behalf of github Jan 22, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v6.0.1

What's Changed

v6.0.0

What's Changed

v6-beta

What's Changed

v5.0.1

What's Changed

v5.0.0

What's Changed

⚠️ Minimum Compatible Runner Version

v4.3.1

What's Changed

Changelog

v6.0.2

v6.0.1

v6.0.0

v5.0.1

v5.0.0

v4.3.1

v4.3.0

v4.2.2

v4.2.1

v4.2.0

v4.1.7

v4.1.6

v4.31.10

CodeQL Action Changelog

4.31.10 - 12 Jan 2026

v4.31.9

CodeQL Action Changelog

4.31.9 - 16 Dec 2025

v4.31.8

CodeQL Action Changelog

4.31.8 - 11 Dec 2025

v4.31.7

CodeQL Action Changelog

4.31.7 - 05 Dec 2025

v4.31.6

CodeQL Action Changelog

4.31.6 - 01 Dec 2025

CodeQL Action Changelog

[UNRELEASED]

4.31.10 - 12 Jan 2026

4.31.9 - 16 Dec 2025

4.31.8 - 11 Dec 2025

4.31.7 - 05 Dec 2025

4.31.6 - 01 Dec 2025

4.31.5 - 24 Nov 2025

4.31.4 - 18 Nov 2025

4.31.3 - 13 Nov 2025

4.31.2 - 30 Oct 2025

4.31.1 - 30 Oct 2025

4.31.0 - 24 Oct 2025

v9.3.0

What's Changed

[v9.3.0] - 2026-01-04

v6.0.0

v6 - What's new

Node.js 24

What's Changed

v6.2.0

What's Changed

Dependency Upgrades

v6.1.0

What's Changed

Enhancements:

Dependency and Documentation updates:

New Contributors

v6.0.0

What's Changed

Breaking Changes

Enhancements:

Bug fixes:

Dependency updates:

v6.2.0

What's Changed

dependabot bot commented on behalf of github Jan 22, 2026 •

edited

Loading