Bump the all group with 4 updates #168

dependabot · 2025-06-01T11:57:31Z

Bumps the all group with 4 updates: codecov/codecov-action, github/codeql-action, dependabot/fetch-metadata and ossf/scorecard-action.

Updates codecov/codecov-action from 5.4.2 to 5.4.3

Release notes

Sourced from codecov/codecov-action's releases.

v5.4.3

What's Changed

fix: OIDC on forks by @joseph-sentry in codecov/codecov-action#1823

build(deps): bump github/codeql-action from 3.28.13 to 3.28.17 by @dependabot in codecov/codecov-action#1822

chore(release): 5.4.3 by @thomasrockhu-codecov in codecov/codecov-action#1827

Full Changelog: codecov/codecov-action@v5.4.2...v5.4.3

Changelog

Sourced from codecov/codecov-action's changelog.

v5.4.3

What's Changed

build(deps): bump github/codeql-action from 3.28.13 to 3.28.17 by @app/dependabot in codecov/codecov-action#1822

fix: OIDC on forks by @joseph-sentry in codecov/codecov-action#1823

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.4.2..v5.4.3

v5.4.2

What's Changed

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.4.1..v5.4.2

v5.4.1

What's Changed

fix: use the github core methods by @thomasrockhu-codecov in codecov/codecov-action#1807

build(deps): bump github/codeql-action from 3.28.12 to 3.28.13 by @app/dependabot in codecov/codecov-action#1803

build(deps): bump github/codeql-action from 3.28.11 to 3.28.12 by @app/dependabot in codecov/codecov-action#1797

build(deps): bump actions/upload-artifact from 4.6.1 to 4.6.2 by @app/dependabot in codecov/codecov-action#1798

chore(release): wrapper -0.2.1 by @app/codecov-releaser-app in codecov/codecov-action#1788

build(deps): bump github/codeql-action from 3.28.10 to 3.28.11 by @app/dependabot in codecov/codecov-action#1786

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.4.0..v5.4.1

v5.4.0

What's Changed

update wrapper submodule to 0.2.0, add recurse_submodules arg by @matt-codecov in codecov/codecov-action#1780

build(deps): bump actions/upload-artifact from 4.6.0 to 4.6.1 by @app/dependabot in codecov/codecov-action#1775

build(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.1 by @app/dependabot in codecov/codecov-action#1776

build(deps): bump github/codeql-action from 3.28.9 to 3.28.10 by @app/dependabot in codecov/codecov-action#1777

Clarify in README that use_pypi bypasses integrity checks too by @webknjaz in codecov/codecov-action#1773

Fix use of safe.directory inside containers by @Flamefire in codecov/codecov-action#1768

Fix description for report_type input by @craigscott-crascit in codecov/codecov-action#1770

build(deps): bump github/codeql-action from 3.28.8 to 3.28.9 by @app/dependabot in codecov/codecov-action#1765

Fix a typo in the example by @miranska in codecov/codecov-action#1758

build(deps): bump github/codeql-action from 3.28.5 to 3.28.8 by @app/dependabot in codecov/codecov-action#1757

build(deps): bump github/codeql-action from 3.28.1 to 3.28.5 by @app/dependabot in codecov/codecov-action#1753

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.3.1..v5.4.0

... (truncated)

Commits

18283e0 chore(release): 5.4.3 (#1827)
525fcbf build(deps): bump github/codeql-action from 3.28.13 to 3.28.17 (#1822)
b203f00 fix: OIDC on forks (#1823)
See full diff in compare view

Updates github/codeql-action from 3.28.16 to 3.28.18

Release notes

Sourced from github/codeql-action's releases.

v3.28.18

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.18 - 16 May 2025

Update default CodeQL bundle version to 2.21.3. #2893

Skip validating SARIF produced by CodeQL for improved performance. #2894

The number of threads and amount of RAM used by CodeQL can now be set via the CODEQL_THREADS and CODEQL_RAM runner environment variables. If set, these environment variables override the threads and ram inputs respectively. #2891

See the full CHANGELOG.md for more information.

v3.28.17

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.17 - 02 May 2025

Update default CodeQL bundle version to 2.21.2. #2872

See the full CHANGELOG.md for more information.

Commits

ff0a06e Merge pull request #2896 from github/update-v3.28.18-b86edfc27
a41e084 Update changelog for v3.28.18
b86edfc Merge pull request #2893 from github/update-bundle/codeql-bundle-v2.21.3
e93b900 Merge branch 'main' into update-bundle/codeql-bundle-v2.21.3
510dfa3 Merge pull request #2894 from github/henrymercer/skip-validating-codeql-sarif
492d783 Merge branch 'main' into henrymercer/skip-validating-codeql-sarif
83bdf3b Merge pull request #2859 from github/update-supported-enterprise-server-versions
cffc916 Merge pull request #2891 from austinpray-mixpanel/patch-1
4420887 Add deprecation warning for CodeQL 2.16.5 and earlier
4e178c5 Update supported versions table in README
Additional commits viewable in compare view

Updates dependabot/fetch-metadata from 2.3.0 to 2.4.0

Release notes

Sourced from dependabot/fetch-metadata's releases.

v2.4.0

What's Changed

Bump actions/create-github-app-token from 1.11.0 to 1.11.3 by @dependabot in dependabot/fetch-metadata#598

Bump @vercel/ncc from 0.38.1 to 0.38.3 by @dependabot in dependabot/fetch-metadata#578

Add missing @octokit/request-error to package.json by @jeffwidman in dependabot/fetch-metadata#605

Bump to ESLint 9 by @jeffwidman in dependabot/fetch-metadata#606

Stop using a node16 devcontainer image by @jeffwidman in dependabot/fetch-metadata#608

Make typescript compile to "es2022" by @jeffwidman in dependabot/fetch-metadata#609

Bump the dev-dependencies group across 1 directory with 8 updates by @dependabot in dependabot/fetch-metadata#607

Tidy up examples slightly by @jeffwidman in dependabot/fetch-metadata#611

Fixup some anchor tags that weren't deeplinking by @jeffwidman in dependabot/fetch-metadata#614

Remove unnecessary hardcoding of ref by @jeffwidman in dependabot/fetch-metadata#617

Bump actions/create-github-app-token from 1.11.3 to 2.0.2 by @dependabot in dependabot/fetch-metadata#616

Enable caching of npm install/npm ci for setup-node action by @jeffwidman in dependabot/fetch-metadata#618

Add workflow to publish new version of immutable action on every release by @jeffwidman in dependabot/fetch-metadata#623

Bump actions/create-github-app-token from 2.0.2 to 2.0.6 by @dependabot in dependabot/fetch-metadata#621

v2.4.0 by @fetch-metadata-action-automation in dependabot/fetch-metadata#594

Full Changelog: dependabot/fetch-metadata@v2...v2.4.0

Commits

08eff52 v2.4.0 (#594)
821b654 Merge pull request #621 from dependabot/dependabot/github_actions/actions/cre...
2c22a37 Bump actions/create-github-app-token from 2.0.2 to 2.0.6
6ad01a0 Add workflow to publish new version of immutable action on every release (#623)
8ca800c Enable caching of npm install/npm ci for setup-node action (#618)
6787635 Merge pull request #616 from dependabot/dependabot/github_actions/actions/cre...
a09d4af Bump actions/create-github-app-token from 1.11.3 to 2.0.2
3a5ce46 Remove unnecessary hardcoding of ref (#617)
798f45c Fixup some anchor tags that weren't deeplinking (#614)
6c031ac Tidy up examples slightly (#611)
Additional commits viewable in compare view

Updates ossf/scorecard-action from 2.4.1 to 2.4.2

Release notes

Sourced from ossf/scorecard-action's releases.

v2.4.2

What's Changed

This update bumps the Scorecard version to the v5.2.1 release. For a complete list of changes, please refer to the Scorecard v5.2.0 and v5.2.1 release notes.

Full Changelog: ossf/scorecard-action@v2.4.1...v2.4.2

Commits

05b42c6 🌱 bump docker to ghcr v2.4.2 (#1548)
b225da6 Bump github.com/ossf/scorecard/v5 from v5.2.0 to v5.2.1 (#1550)
9399f6f 🌱 Bump the docker-images group across 1 directory with 2 updates (#1...
e1daa8c 🌱 Bump the github-actions group across 1 directory with 5 updates (#...
9fe6511 🌱 Bump golang.org/x/net from 0.39.0 to 0.40.0 (#1542)
25b9cd9 🌱 Bump github.com/ossf/scorecard/v5 from v5.1.1 to v5.2.0 (#1547)
18cc9b8 🌱 Bump golang.org/x/net from 0.38.0 to 0.39.0 (#1536)
db78142 🌱 Bump the github-actions group with 2 updates (#1538)
de386ed 🌱 Bump golang from 1.24.1 to 1.24.2 in the docker-images group (#1534)
5b7cedb 🌱 Bump github.com/sigstore/cosign/v2 from 2.4.3 to 2.5.0 (#1537)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the all group with 4 updates: [codecov/codecov-action](https://github.com/codecov/codecov-action), [github/codeql-action](https://github.com/github/codeql-action), [dependabot/fetch-metadata](https://github.com/dependabot/fetch-metadata) and [ossf/scorecard-action](https://github.com/ossf/scorecard-action). Updates `codecov/codecov-action` from 5.4.2 to 5.4.3 - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](codecov/codecov-action@ad3126e...18283e0) Updates `github/codeql-action` from 3.28.16 to 3.28.18 - [Release notes](https://github.com/github/codeql-action/releases) - [Commits](github/codeql-action@v3.28.16...v3.28.18) Updates `dependabot/fetch-metadata` from 2.3.0 to 2.4.0 - [Release notes](https://github.com/dependabot/fetch-metadata/releases) - [Commits](dependabot/fetch-metadata@v2.3.0...v2.4.0) Updates `ossf/scorecard-action` from 2.4.1 to 2.4.2 - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](ossf/scorecard-action@f49aabe...05b42c6) --- updated-dependencies: - dependency-name: codecov/codecov-action dependency-version: 5.4.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: github/codeql-action dependency-version: 3.28.18 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: dependabot/fetch-metadata dependency-version: 2.4.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: ossf/scorecard-action dependency-version: 2.4.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Jun 1, 2025

dependabot bot requested a review from btschwertfeger as a code owner June 1, 2025 11:57

dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Jun 1, 2025

github-actions bot approved these changes Jun 1, 2025

View reviewed changes

github-actions bot enabled auto-merge (squash) June 1, 2025 11:57

github-actions bot merged commit 9d148d4 into master Jun 1, 2025
34 checks passed

github-actions bot deleted the dependabot/github_actions/all-35bdf8d1c9 branch June 1, 2025 18:39

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Bump the all group with 4 updates #168

Bump the all group with 4 updates #168

Uh oh!

dependabot bot commented on behalf of github Jun 1, 2025

Uh oh!

Uh oh!

Uh oh!

Bump the all group with 4 updates #168

Bump the all group with 4 updates #168

Uh oh!

Conversation

dependabot bot commented on behalf of github Jun 1, 2025

v5.4.3

What's Changed

v5.4.3

What's Changed

v5.4.2

What's Changed

v5.4.1

What's Changed

v5.4.0

What's Changed

v3.28.18

CodeQL Action Changelog

3.28.18 - 16 May 2025

v3.28.17

CodeQL Action Changelog

3.28.17 - 02 May 2025

v2.4.0

What's Changed

v2.4.2

What's Changed

Uh oh!

Uh oh!

Uh oh!