chore(deps): bump the actions-weekly-rollup group across 1 directory with 12 updates by dependabot[bot] · Pull Request #39 · ogulcanaydogan/Verifiable-AI-Output-Ledger

dependabot · 2026-05-07T14:29:58Z

Bumps the actions-weekly-rollup group with 12 updates in the / directory:

Package	From	To
actions/checkout	`4.3.1`	`6.0.2`
actions/setup-go	`5.6.0`	`6.4.0`
golangci/golangci-lint-action	`7.0.1`	`9.2.0`
actions/setup-python	`5.6.0`	`6.2.0`
actions/setup-node	`4.4.0`	`6.4.0`
open-policy-agent/setup-opa	`2.2.0`	`2.4.0`
actions/upload-artifact	`4.6.2`	`7.0.1`
anchore/sbom-action	`0.22.2`	`0.24.0`
docker/login-action	`3.7.0`	`4.1.0`
goreleaser/goreleaser-action	`6.4.0`	`7.2.2`
actions/attest-build-provenance	`2.4.0`	`4.1.0`
github/codeql-action	`4.32.6`	`4.35.5`

Updates actions/checkout from 4.3.1 to 6.0.2

Release notes

Sourced from actions/checkout's releases.

v6.0.2

What's Changed

Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set by @TingluoHuang in actions/checkout#2355

Fix tag handling: preserve annotations and explicit fetch-tags by @ericsciple in actions/checkout#2356

Full Changelog: actions/checkout@v6.0.1...v6.0.2

v6.0.1

What's Changed

Update all references from v5 and v4 to v6 by @ericsciple in actions/checkout#2314

Add worktree support for persist-credentials includeIf by @ericsciple in actions/checkout#2327

Clarify v6 README by @ericsciple in actions/checkout#2328

Full Changelog: actions/checkout@v6...v6.0.1

v6.0.0

What's Changed

Update README to include Node.js 24 support details and requirements by @salmanmkc in actions/checkout#2248

Persist creds to a separate file by @ericsciple in actions/checkout#2286

v6-beta by @ericsciple in actions/checkout#2298

update readme/changelog for v6 by @ericsciple in actions/checkout#2311

Full Changelog: actions/checkout@v5.0.0...v6.0.0

v6-beta

What's Changed

Updated persist-credentials to store the credentials under $RUNNER_TEMP instead of directly in the local git config.

This requires a minimum Actions Runner version of v2.329.0 to access the persisted credentials for Docker container action scenarios.

v5.0.1

What's Changed

Port v6 cleanup to v5 by @ericsciple in actions/checkout#2301

Full Changelog: actions/checkout@v5...v5.0.1

v5.0.0

What's Changed

Update actions checkout to use node 24 by @salmanmkc in actions/checkout#2226

Prepare v5.0.0 release by @salmanmkc in actions/checkout#2238

⚠️ Minimum Compatible Runner Version

v2.327.1
Release Notes

... (truncated)

Changelog

Sourced from actions/checkout's changelog.

Changelog

v6.0.2

Fix tag handling: preserve annotations and explicit fetch-tags by @ericsciple in actions/checkout#2356

v6.0.1

Add worktree support for persist-credentials includeIf by @ericsciple in actions/checkout#2327

v6.0.0

Persist creds to a separate file by @ericsciple in actions/checkout#2286

Update README to include Node.js 24 support details and requirements by @salmanmkc in actions/checkout#2248

v5.0.1

Port v6 cleanup to v5 by @ericsciple in actions/checkout#2301

v5.0.0

Update actions checkout to use node 24 by @salmanmkc in actions/checkout#2226

v4.3.1

Port v6 cleanup to v4 by @ericsciple in actions/checkout#2305

v4.3.0

docs: update README.md by @motss in actions/checkout#1971

Add internal repos for checking out multiple repositories by @mouismail in actions/checkout#1977

Documentation update - add recommended permissions to Readme by @benwells in actions/checkout#2043

Adjust positioning of user email note and permissions heading by @joshmgross in actions/checkout#2044

Update README.md by @nebuk89 in actions/checkout#2194

Update CODEOWNERS for actions by @TingluoHuang in actions/checkout#2224

Update package dependencies by @salmanmkc in actions/checkout#2236

v4.2.2

url-helper.ts now leverages well-known environment variables by @jww3 in actions/checkout#1941

Expand unit test coverage for isGhes by @jww3 in actions/checkout#1946

v4.2.1

Check out other refs/* by commit if provided, fall back to ref by @orhantoy in actions/checkout#1924

v4.2.0

Add Ref and Commit outputs by @lucacome in actions/checkout#1180

Dependency updates by @dependabot- actions/checkout#1777, actions/checkout#1872

v4.1.7

Bump the minor-npm-dependencies group across 1 directory with 4 updates by @dependabot in actions/checkout#1739

Bump actions/checkout from 3 to 4 by @dependabot in actions/checkout#1697

Check out other refs/* by commit by @orhantoy in actions/checkout#1774

Pin actions/checkout's own workflows to a known, good, stable version. by @jww3 in actions/checkout#1776

v4.1.6

Check platform to set archive extension appropriately by @cory-miller in actions/checkout#1732

... (truncated)

Commits

de0fac2 Fix tag handling: preserve annotations and explicit fetch-tags (#2356)
064fe7f Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set (...
8e8c483 Clarify v6 README (#2328)
033fa0d Add worktree support for persist-credentials includeIf (#2327)
c2d88d3 Update all references from v5 and v4 to v6 (#2314)
1af3b93 update readme/changelog for v6 (#2311)
71cf226 v6-beta (#2298)
069c695 Persist creds to a separate file (#2286)
ff7abcd Update README to include Node.js 24 support details and requirements (#2248)
08c6903 Prepare v5.0.0 release (#2238)
Additional commits viewable in compare view

Updates actions/setup-go from 5.6.0 to 6.4.0

Release notes

Sourced from actions/setup-go's releases.

v6.4.0

What's Changed

Enhancement

Add go-download-base-url input for custom Go distributions by @gdams in actions/setup-go#721

Dependency update

Upgrade minimatch from 3.1.2 to 3.1.5 by @dependabot in actions/setup-go#727

Documentation update

Rearrange README.md, add advanced-usage.md by @priyagupta108 in actions/setup-go#724

Fix Microsoft build of Go link by @gdams in actions/setup-go#734

New Contributors

@gdams made their first contribution in actions/setup-go#721

Full Changelog: actions/setup-go@v6...v6.4.0

v6.3.0

What's Changed

Update default Go module caching to use go.mod by @priyagupta108 in actions/setup-go#705

Fix golang download url to go.dev by @178inaba in actions/setup-go#469

Full Changelog: actions/setup-go@v6...v6.3.0

v6.2.0

What's Changed

Enhancements

Example for restore-only cache in documentation by @aparnajyothi-y in actions/setup-go#696

Update Node.js version in action.yml by @ccoVeille in actions/setup-go#691

Documentation update of actions/checkout by @deining in actions/setup-go#683

Dependency updates

Upgrade js-yaml from 3.14.1 to 3.14.2 by @dependabot in actions/setup-go#682

Upgrade @actions/cache to v5 by @salmanmkc in actions/setup-go#695

Upgrade actions/checkout from 5 to 6 by @dependabot in actions/setup-go#686

Upgrade qs from 6.14.0 to 6.14.1 by @dependabot in actions/setup-go#703

New Contributors

@ccoVeille made their first contribution in actions/setup-go#691

@deining made their first contribution in actions/setup-go#683

Full Changelog: actions/setup-go@v6...v6.2.0

v6.1.0

What's Changed

Enhancements

Fall back to downloading from go.dev/dl instead of storage.googleapis.com/golang by @nicholasngai in actions/setup-go#665

Add support for .tool-versions file and update workflow by @priya-kinthali in actions/setup-go#673

Add comprehensive breaking changes documentation for v6 by @mahabaleshwars in actions/setup-go#674

... (truncated)

Commits

4a36011 docs: fix Microsoft build of Go link (#734)
8f19afc feat: add go-download-base-url input for custom Go distributions (#721)
27fdb26 Bump minimatch from 3.1.2 to 3.1.5 (#727)
def8c39 Rearrange README.md, add advanced-usage.md (#724)
4b73464 Fix golang download url to go.dev (#469)
a5f9b05 Update default Go module caching to use go.mod (#705)
7a3fe6c Bump qs from 6.14.0 to 6.14.1 (#703)
b9adafd Bump actions/checkout from 5 to 6 (#686)
d73f6bc README.md: correct to actions/checkout@v6 (#683)
ae252ee Bump @actions/cache to v5 (#695)
Additional commits viewable in compare view

Updates golangci/golangci-lint-action from 7.0.1 to 9.2.0

Release notes

Sourced from golangci/golangci-lint-action's releases.

v9.2.0

What's Changed

Changes

feat: add version-file option by @ldez in golangci/golangci-lint-action#1320

chore: move samples into fixtures by @ldez in golangci/golangci-lint-action#1321

Dependencies

build(deps-dev): bump the dev-dependencies group with 2 updates by @dependabot[bot] in golangci/golangci-lint-action#1317

build(deps): bump actions/checkout from 5 to 6 by @dependabot[bot] in golangci/golangci-lint-action#1318

build(deps-dev): bump the dev-dependencies group with 3 updates by @dependabot[bot] in golangci/golangci-lint-action#1323

build(deps): bump yaml from 2.8.1 to 2.8.2 in the dependencies group by @dependabot[bot] in golangci/golangci-lint-action#1324

Full Changelog: golangci/golangci-lint-action@v9.1.0...v9.2.0

v9.1.0

What's Changed

Changes

feat: automatic module directories by @ldez in golangci/golangci-lint-action#1315

Documentation

docs: organize options by @ldez in golangci/golangci-lint-action#1314

Dependencies

build(deps-dev): bump the dev-dependencies group with 2 updates by @dependabot[bot] in golangci/golangci-lint-action#1307

build(deps-dev): bump js-yaml from 4.1.0 to 4.1.1 by @dependabot[bot] in golangci/golangci-lint-action#1309

build(deps-dev): bump the dev-dependencies group with 2 updates by @dependabot[bot] in golangci/golangci-lint-action#1310

build(deps): bump the dependencies group with 2 updates by @dependabot[bot] in golangci/golangci-lint-action#1311

Full Changelog: golangci/golangci-lint-action@v9.0.0...v9.1.0

v9.0.0

In the scope of this release, we change Nodejs runtime from node20 to node24 (https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/).

What's Changed

Changes

feat: add install-only option by @ldez in golangci/golangci-lint-action#1305

feat: support Module Plugin System by @ldez in golangci/golangci-lint-action#1306

Full Changelog: golangci/golangci-lint-action@v8.0.0...v9.0.0

v8.0.0

Requires golangci-lint version >= v2.1.0

... (truncated)

Commits

1e7e51e build(deps): bump yaml from 2.8.1 to 2.8.2 in the dependencies group (#1324)
5256ff0 build(deps-dev): bump the dev-dependencies group with 3 updates (#1323)
13fed6f chore: update workflows
7afe8ff chore: update workflows
5a92899 chore: move samples into fixtures (#1321)
aa6fad0 feat: add version-file option (#1320)
a6071aa build(deps): bump actions/checkout from 5 to 6 (#1318)
6e36c84 build(deps-dev): bump the dev-dependencies group with 2 updates (#1317)
e7fa5ac feat: automatic module directories (#1315)
f3ae99f docs: organize options (#1314)
Additional commits viewable in compare view

Updates actions/setup-python from 5.6.0 to 6.2.0

Release notes

Sourced from actions/setup-python's releases.

v6.2.0

What's Changed

Dependency Upgrades

Upgrade dependencies to Node 24 compatible versions by @salmanmkc in actions/setup-python#1259

Upgrade urllib3 from 2.5.0 to 2.6.3 in /__tests__/data by @dependabot in actions/setup-python#1253 and actions/setup-python#1264

Full Changelog: actions/setup-python@v6...v6.2.0

v6.1.0

What's Changed

Enhancements:

Add support for pip-install input by @gowridurgad in actions/setup-python#1201

Add graalpy early-access and windows builds by @timfel in actions/setup-python#880

Dependency and Documentation updates:

Enhanced wording and updated example usage for allow-prereleases by @yarikoptic in actions/setup-python#979

Upgrade urllib3 from 1.26.19 to 2.5.0 and document breaking changes in v6 by @dependabot in actions/setup-python#1139

Upgrade typescript from 5.4.2 to 5.9.3 and Documentation update by @dependabot in actions/setup-python#1094

Upgrade actions/publish-action from 0.3.0 to 0.4.0 & Documentation update for pip-install input by @dependabot in actions/setup-python#1199

Upgrade requests from 2.32.2 to 2.32.4 by @dependabot in actions/setup-python#1130

Upgrade prettier from 3.5.3 to 3.6.2 by @dependabot in actions/setup-python#1234

Upgrade @types/node from 24.1.0 to 24.9.1 and update macos-13 to macos-15-intel by @dependabot in actions/setup-python#1235

New Contributors

@yarikoptic made their first contribution in actions/setup-python#979

Full Changelog: actions/setup-python@v6...v6.1.0

v6.0.0

What's Changed

Breaking Changes

Upgrade to node 24 by @salmanmkc in actions/setup-python#1164

Make sure your runner is on version v2.327.1 or later to ensure compatibility with this release. See Release Notes

Enhancements:

Add support for pip-version by @priyagupta108 in actions/setup-python#1129

Enhance reading from .python-version by @krystof-k in actions/setup-python#787

Add version parsing from Pipfile by @aradkdj in actions/setup-python#1067

Bug fixes:

Clarify pythonLocation behaviour for PyPy and GraalPy in environment variables by @aparnajyothi-y in actions/setup-python#1183

Change missing cache directory error to warning by @aparnajyothi-y in actions/setup-python#1182

Add Architecture-Specific PATH Management for Python with --user Flag on Windows by @aparnajyothi-y in actions/setup-python#1122

Include python version in PyPy python-version output by @cdce8p in actions/setup-python#1110

Update docs: clarification on pip authentication with setup-python by @priya-kinthali in actions/setup-python#1156

Dependency updates:

Upgrade idna from 2.9 to 3.7 in /tests/data by @dependabot[bot] in actions/setup-python#843

Upgrade form-data to fix critical vulnerabilities #182 & #183 by @aparnajyothi-y in actions/setup-python#1163

Upgrade setuptools to 78.1.1 to fix path traversal vulnerability in PackageIndex.download by @aparnajyothi-y in actions/setup-python#1165

Upgrade actions/checkout from 4 to 5 by @dependabot[bot] in actions/setup-python#1181

Upgrade @actions/tool-cache from 2.0.1 to 2.0.2 by @dependabot[bot] in actions/setup-python#1095

... (truncated)

Commits

a309ff8 Bump urllib3 from 2.6.0 to 2.6.3 in /tests/data (#1264)
bfe8cc5 Upgrade @actions dependencies to Node 24 compatible versions (#1259)
4f41a90 Bump urllib3 from 2.5.0 to 2.6.0 in /tests/data (#1253)
83679a8 Bump @types/node from 24.1.0 to 24.9.1 and update macos-13 to macos-15-intel ...
bfc4944 Bump prettier from 3.5.3 to 3.6.2 (#1234)
97aeb3e Bump requests from 2.32.2 to 2.32.4 in /tests/data (#1130)
443da59 Bump actions/publish-action from 0.3.0 to 0.4.0 & Documentation update for pi...
cfd55ca graalpy: add graalpy early-access and windows builds (#880)
bba65e5 Bump typescript from 5.4.2 to 5.9.3 and update docs/advanced-usage.md (#1094)
18566f8 Improve wording and "fix example" (remove 3.13) on testing against pre-releas...
Additional commits viewable in compare view

Updates actions/setup-node from 4.4.0 to 6.4.0

Release notes

Sourced from actions/setup-node's releases.

v6.4.0

What's Changed

Dependency updates:

Upgrade @actions dependencies by @Copilot in actions/setup-node#1525

Update Node.js versions in versions.yml and bump package to v6.4.0 by @priya-kinthali in actions/setup-node#1533

New Contributors

@Copilot made their first contribution in actions/setup-node#1525

Full Changelog: actions/setup-node@v6...v6.4.0

v6.3.0

What's Changed

Enhancements:

Support parsing devEngines field by @susnux in actions/setup-node#1283

When using node-version-file: package.json, setup-node now prefers devEngines.runtime over engines.node.

Dependency updates:

Fix npm audit issues by @gowridurgad in actions/setup-node#1491

Replace uuid with crypto.randomUUID() by @trivikr in actions/setup-node#1378

Upgrade minimatch from 3.1.2 to 3.1.5 by @dependabot in actions/setup-node#1498

Bug fixes:

Remove hardcoded bearer for mirror-url @marco-ippolito in actions/setup-node#1467

Scope test lockfiles by package manager and update cache tests by @gowridurgad in actions/setup-node#1495

New Contributors

@susnux made their first contribution in actions/setup-node#1283

Full Changelog: actions/setup-node@v6...v6.3.0

v6.2.0

What's Changed

Documentation

Documentation update related to absence of Lockfile by @mahabaleshwars in actions/setup-node#1454

Correct mirror option typos by @MikeMcC399 in actions/setup-node#1442

Readme update on checkout version v6 by @deining in actions/setup-node#1446

Readme typo fixes @munyari in actions/setup-node#1226

Advanced document update on checkout version v6 by @aparnajyothi-y in actions/setup-node#1468

Dependency updates:

Upgrade @actions/cache to v5.0.1 by @salmanmkc in actions/setup-node#1449

New Contributors

@mahabaleshwars made their first contribution in actions/setup-node#1454

@MikeMcC399 made their first contribution in actions/setup-node#1442

@deining made their first contribution in actions/setup-node#1446

... (truncated)

Commits

48b55a0 Update Node.js versions in versions.yml and bump package to v6.4.0 (#1533)
ab72c7e Upgrade @actions dependencies (#1525)
53b8394 Bump minimatch from 3.1.2 to 3.1.5 (#1498)
54045ab Scope test lockfiles by package manager and update cache tests (#1495)
c882bff Replace uuid with crypto.randomUUID() (#1378)
774c1d6 feat(node-version-file): support parsing devEngines field (#1283)
efcb663 fix: remove hardcoded bearer (#1467)
d02c89d Fix npm audit issues (#1491)
6044e13 Docs: bump actions/checkout from v5 to v6 (#1468)
8e49463 Fix README typo (#1226)
Additional commits viewable in compare view

Updates open-policy-agent/setup-opa from 2.2.0 to 2.4.0

Release notes

Sourced from open-policy-agent/setup-opa's releases.

v2.4.0

What's Changed

build(deps): bump actions/checkout from 5 to 6 by @dependabot[bot] in open-policy-agent/setup-opa#42

add npm to dependabot by @sspaink in open-policy-agent/setup-opa#44

build(deps): bump the dependencies group with 16 updates by @dependabot[bot] in open-policy-agent/setup-opa#45

Bump typescript to ^5.8.3 by @sspaink in open-policy-agent/setup-opa#46

New Contributors

@sspaink made their first contribution in open-policy-agent/setup-opa#44

Full Changelog: open-policy-agent/setup-opa@v2.3.0...v2.4.0

v2.3.0

What's Changed

Add mirror support to OPA download by @richardmcsong in open-policy-agent/setup-opa#31

add "static" input to README, default based on arch by @srenatus in open-policy-agent/setup-opa#36

build: migrate to esbuild by @charlieegan3 in open-policy-agent/setup-opa#34

action.yml: bump node20 -> node24 by @srenatus in open-policy-agent/setup-opa#40

Minor dep bumps

build(deps): bump actions/checkout from 4 to 5 by @dependabot[bot] in open-policy-agent/setup-opa#33

build(deps-dev): bump @babel/traverse from 7.16.3 to 7.28.3 by @dependabot[bot] in open-policy-agent/setup-opa#37

build(deps): bump semver by @dependabot[bot] in open-policy-agent/setup-opa#38

New Contributors

@richardmcsong made their first contribution in open-policy-agent/setup-opa#31

@charlieegan3 made their first contribution in open-policy-agent/setup-opa#34

Full Changelog: open-policy-agent/setup-opa@v2.2.0...v2.3.0

Commits

b2b258e Merge pull request #46 from open-policy-agent/upgradetypescript
9953d86 oops
dc9ce97 Bump typescript to ^5.8.3
c41d925 Merge pull request #45 from open-policy-agent/dependabot/npm_and_yarn/depende...
3d49f04 update dist files
0f32bd1 build(deps): bump the dependencies group with 16 updates
45aa888 Merge pull request #44 from open-policy-agent/dependabotnpm
2655a4c add npm to dependabot
87c8815 Merge pull request #42 from open-policy-agent/dependabot/github_actions/actio...
621c82b build(deps): bump actions/checkout from 5 to 6
Additional commits viewable in compare view

Updates actions/upload-artifact from 4.6.2 to 7.0.1

Release notes

Sourced from actions/upload-artifact's releases.

v7.0.1

What's Changed

Update the readme with direct upload details by @danwkennedy in actions/upload-artifact#795

Readme: bump all the example versions to v7 by @danwkennedy in actions/upload-artifact#796

Include changes in typespec/ts-http-runtime 0.3.5 by @yacaovsnc in actions/upload-artifact#797

Full Changelog: actions/upload-artifact@v7...v7.0.1

v7.0.0

v7 What's new

Direct Uploads

Adds support for uploading single files directly (unzipped). Callers can set the new archive parameter to false to skip zipping the file during upload. Right now, we only support single files. The action will fail if the glob passed resolves to multiple files. The name parameter is also ignored with this setting. Instead, the name of the artifact will be the name of the uploaded file.

ESM

To support new versions of the @actions/* packages, we've upgraded the package to ESM.

What's Changed

Add proxy integration test by @Link- in actions/upload-artifact#754

Upgrade the module to ESM and bump dependencies by @danwkennedy in actions/upload-artifact#762

Support direct file uploads by @danwkennedy in actions/upload-artifact#764

New Contributors

@Link- made their first contribution in actions/upload-artifact#754

Full Changelog: actions/upload-artifact@v6...v7.0.0

v6.0.0

v6 - What's new

[!IMPORTANT] actions/upload-artifact@v6 now runs on Node.js 24 (runs.using: node24) and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading.

Node.js 24

This release updates the runtime to Node.js 24. v5 had preliminary support for Node.js 24, however this action was by default still running on Node.js 20. Now this action by default will run on Node.js 24.

What's Changed

Upload Artifact Node 24 support by @salmanmkc in actions/upload-artifact#719

fix: update @actions/artifact for Node.js 24 punycode deprecation by @salmanmkc in actions/upload-artifact#744

prepare release v6.0.0 for Node.js 24 support by @salmanmkc in actions/upload-artifact#745

Full Changelog: actions/upload-artifact@v5.0.0...v6.0.0

v5.0.0

What's Changed

... (truncated)

Commits

043fb46 Merge pull request #797 from actions/yacaovsnc/update-dependency
634250c Include changes in typespec/ts-http-runtime 0.3.5
e454baa Readme: bump all the example versions to v7 (#796)
74fad66 Update the readme with direct upload details (#795)
bbbca2d Support direct file uploads (#764)
589182c Upgrade the module to ESM and bump dependencies (#762)
47309c9 Merge pull request #754 from actions/Link-/add-proxy-integration-tests
02a8460 Add proxy integration test
b7c566a Merge pull request #745 from actions/upload-artifact-v6-release
e516bc8 docs: correct description of Node.js 24 support in README
Additional commits viewable in compare view

Updates anchore/sbom-action from 0.22.2 to 0.24.0

Release notes

Sourced from anchore/sbom-action's releases.

v0.24.0

chore: update to node 24 + deps (#614) [@kzantow]

chore: update to ES modules (#595) [@kzantow]

⬆️ Dependencies

chore(deps): update Syft to v1.42.3 (#615) [@anchore-actions-token-generator[bot]]

v0.23.1

⬆️ Dependencies

chore(deps): update Syft to v1.42.2 (#607) [@anchore-actions-token-generator[bot]]

chore(deps): bump fast-xml-parser and all other deps (#604) [@dependabot[bot]]

v0.23.0

switch to single-file dist build with sub-action flags and update dependencies (#595) [@kzantow]

switch to esbuild (#590) [@willmurphyscode]

update Syft to v1.42.1 (#599) [@anchore-actions-token-generator[bot]]

Commits

e22c389 chore(deps): update Syft to v1.42.3 (

dependabot · 2026-05-07T14:29:59Z

Labels

The following labels could not be found: ci, dependencies. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

ogulcanaydogan · 2026-05-12T21:06:27Z

CI failure: golangci-lint-action v7 does not support golangci-lint v1 (error: 'invalid version string v1.64.8'). Will address when upgrading to golangci-lint v2 as part of v0.2.30 CI hardening. Deferring this PR until that upgrade is complete.

ogulcanaydogan · 2026-05-20T10:46:12Z

@dependabot rebase

ogulcanaydogan · 2026-05-20T11:33:38Z

@dependabot rebase

…with 12 updates Bumps the actions-weekly-rollup group with 12 updates in the / directory: | Package | From | To | | --- | --- | --- | | [actions/checkout](https://github.com/actions/checkout) | `4.3.1` | `6.0.2` | | [actions/setup-go](https://github.com/actions/setup-go) | `5.6.0` | `6.4.0` | | [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) | `7.0.1` | `9.2.0` | | [actions/setup-python](https://github.com/actions/setup-python) | `5.6.0` | `6.2.0` | | [actions/setup-node](https://github.com/actions/setup-node) | `4.4.0` | `6.4.0` | | [open-policy-agent/setup-opa](https://github.com/open-policy-agent/setup-opa) | `2.2.0` | `2.4.0` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4.6.2` | `7.0.1` | | [anchore/sbom-action](https://github.com/anchore/sbom-action) | `0.22.2` | `0.24.0` | | [docker/login-action](https://github.com/docker/login-action) | `3.7.0` | `4.1.0` | | [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) | `6.4.0` | `7.2.2` | | [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance) | `2.4.0` | `4.1.0` | | [github/codeql-action](https://github.com/github/codeql-action) | `4.32.6` | `4.35.5` | Updates `actions/checkout` from 4.3.1 to 6.0.2 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@34e1148...de0fac2) Updates `actions/setup-go` from 5.6.0 to 6.4.0 - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](actions/setup-go@40f1582...4a36011) Updates `golangci/golangci-lint-action` from 7.0.1 to 9.2.0 - [Release notes](https://github.com/golangci/golangci-lint-action/releases) - [Commits](golangci/golangci-lint-action@9fae48a...1e7e51e) Updates `actions/setup-python` from 5.6.0 to 6.2.0 - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](actions/setup-python@a26af69...a309ff8) Updates `actions/setup-node` from 4.4.0 to 6.4.0 - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](actions/setup-node@49933ea...48b55a0) Updates `open-policy-agent/setup-opa` from 2.2.0 to 2.4.0 - [Release notes](https://github.com/open-policy-agent/setup-opa/releases) - [Commits](open-policy-agent/setup-opa@34a30e8...b2b258e) Updates `actions/upload-artifact` from 4.6.2 to 7.0.1 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@ea165f8...043fb46) Updates `anchore/sbom-action` from 0.22.2 to 0.24.0 - [Release notes](https://github.com/anchore/sbom-action/releases) - [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md) - [Commits](anchore/sbom-action@28d7154...e22c389) Updates `docker/login-action` from 3.7.0 to 4.1.0 - [Release notes](https://github.com/docker/login-action/releases) - [Commits](docker/login-action@c94ce9f...4907a6d) Updates `goreleaser/goreleaser-action` from 6.4.0 to 7.2.2 - [Release notes](https://github.com/goreleaser/goreleaser-action/releases) - [Commits](goreleaser/goreleaser-action@e435ccd...5daf1e9) Updates `actions/attest-build-provenance` from 2.4.0 to 4.1.0 - [Release notes](https://github.com/actions/attest-build-provenance/releases) - [Changelog](https://github.com/actions/attest-build-provenance/blob/main/RELEASE.md) - [Commits](actions/attest-build-provenance@e8998f9...a2bbfa2) Updates `github/codeql-action` from 4.32.6 to 4.35.5 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@0d579ff...9e0d7b8) --- updated-dependencies: - dependency-name: actions/attest-build-provenance dependency-version: 4.1.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions-weekly-rollup - dependency-name: actions/checkout dependency-version: 6.0.2 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions-weekly-rollup - dependency-name: actions/setup-go dependency-version: 6.4.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions-weekly-rollup - dependency-name: actions/setup-node dependency-version: 6.4.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions-weekly-rollup - dependency-name: actions/setup-python dependency-version: 6.2.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions-weekly-rollup - dependency-name: actions/upload-artifact dependency-version: 7.0.1 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions-weekly-rollup - dependency-name: anchore/sbom-action dependency-version: 0.24.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-weekly-rollup - dependency-name: docker/login-action dependency-version: 4.1.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions-weekly-rollup - dependency-name: github/codeql-action dependency-version: 4.35.3 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-weekly-rollup - dependency-name: golangci/golangci-lint-action dependency-version: 9.2.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions-weekly-rollup - dependency-name: goreleaser/goreleaser-action dependency-version: 7.2.1 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions-weekly-rollup - dependency-name: open-policy-agent/setup-opa dependency-version: 2.4.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-weekly-rollup ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot requested a review from ogulcanaydogan as a code owner May 7, 2026 14:29

dependabot Bot changed the title ~~chore(deps): bump the actions-weekly-rollup group with 12 updates~~ chore(deps): bump the actions-weekly-rollup group across 1 directory with 12 updates May 7, 2026

dependabot Bot force-pushed the dependabot/github_actions/actions-weekly-rollup-84f6082f2b branch from 177e168 to 004df35 Compare May 7, 2026 16:15

dependabot Bot force-pushed the dependabot/github_actions/actions-weekly-rollup-84f6082f2b branch from 004df35 to 44e3421 Compare May 20, 2026 09:21

dependabot Bot force-pushed the dependabot/github_actions/actions-weekly-rollup-84f6082f2b branch from 44e3421 to d6b829a Compare May 20, 2026 10:48

dependabot Bot force-pushed the dependabot/github_actions/actions-weekly-rollup-84f6082f2b branch from d6b829a to a67fa5e Compare May 20, 2026 11:35

ogulcanaydogan merged commit 71d4bdc into main May 21, 2026
17 checks passed

dependabot Bot deleted the dependabot/github_actions/actions-weekly-rollup-84f6082f2b branch May 21, 2026 08:28

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump the actions-weekly-rollup group across 1 directory with 12 updates#39

chore(deps): bump the actions-weekly-rollup group across 1 directory with 12 updates#39
ogulcanaydogan merged 1 commit into
mainfrom
dependabot/github_actions/actions-weekly-rollup-84f6082f2b

dependabot Bot commented on behalf of github May 7, 2026 •

edited

Loading

Uh oh!

dependabot Bot commented on behalf of github May 7, 2026

Uh oh!

ogulcanaydogan commented May 12, 2026

Uh oh!

ogulcanaydogan commented May 20, 2026

Uh oh!

ogulcanaydogan commented May 20, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

dependabot Bot commented on behalf of github May 7, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v6.0.2

What's Changed

v6.0.1

What's Changed

v6.0.0

What's Changed

v6-beta

What's Changed

v5.0.1

What's Changed

v5.0.0

What's Changed

⚠️ Minimum Compatible Runner Version

Changelog

v6.0.2

v6.0.1

v6.0.0

v5.0.1

v5.0.0

v4.3.1

v4.3.0

v4.2.2

v4.2.1

v4.2.0

v4.1.7

v4.1.6

v6.4.0

What's Changed

Enhancement

Dependency update

Documentation update

New Contributors

v6.3.0

What's Changed

v6.2.0

What's Changed

Enhancements

Dependency updates

New Contributors

v6.1.0

What's Changed

Enhancements

v9.2.0

What's Changed

Changes

Dependencies

v9.1.0

What's Changed

Changes

Documentation

Dependencies

v9.0.0

What's Changed

Changes

v8.0.0

v6.2.0

What's Changed

Dependency Upgrades

v6.1.0

What's Changed

Enhancements:

Dependency and Documentation updates:

New Contributors

v6.0.0

What's Changed

Breaking Changes

Enhancements:

Bug fixes:

Dependency updates:

v6.4.0

What's Changed

Dependency updates:

New Contributors

v6.3.0

What's Changed

Enhancements:

Dependency updates:

dependabot Bot commented on behalf of github May 7, 2026 •

edited

Loading